The Italian authority raised concerns about OpenAI's compliance with the General Data Protection Regulation (GDPR) last year, leading to a temporary ban on ChatGPT's local data processing. The authority suspects ChatGPT of breaching several articles of the GDPR, primarily related to the collection and processing of personal data for training the algorithms underlying ChatGPT. OpenAI has responded by stating that it believes its practices align with GDPR and other privacy laws, and that it takes additional steps to protect people's data and privacy.
Key takeaways:
- OpenAI is suspected of violating European Union privacy laws, following an investigation by Italy’s data protection authority into its AI chatbot, ChatGPT.
- OpenAI has been given 30 days to respond with a defence against the allegations, and if found guilty, could face fines of up to €20 million, or up to 4% of global annual turnover.
- The Italian authority raised concerns about OpenAI’s compliance with the General Data Protection Regulation (GDPR), particularly regarding the legal basis for the collection and processing of personal data for training the algorithms underlying ChatGPT.
- OpenAI is also facing scrutiny over ChatGPT’s GDPR compliance in Poland, and is seeking to establish a physical base in Ireland to gain "main establishment" status and switch to having assessment of its GDPR compliance led by Ireland’s Data Protection Commission.