OpenAI could face fines of up to €20 million or 4% of global annual revenue if the violations are confirmed. The DPA also has the power to order changes to data processing to halt confirmed infringements. In response, OpenAI has stated that it takes extra precautions to protect data and privacy and believes its operations comply with GDPR. The company is also working to reduce the amount of personal data used to train its systems. OpenAI is also seeking to establish a base in Ireland to manage growing regulatory risk in the EU.
Key takeaways:
- The Italian data protection authority, Garante, has notified OpenAI of a breach in the EU's data privacy rules by its AI chatbot, ChatGPT.
- OpenAI, which is supported by Microsoft, has 30 days to submit defense arguments against these privacy violations.
- Violations of the pan-EU framework could result in fines up to €20 million, or 4% of worldwide yearly revenue, and may require OpenAI to modify its data processing methods.
- OpenAI has responded by insisting that it complies with GDPR and other privacy laws, and is actively working to minimize the amount of personal data used to train their systems.