The Italian data protection authority (DPA) has concluded that OpenAI and its popular AI chatbot ChatGPT do not comply with the European Union GDPR provisions.
Italian DPA regulator published a statement on Jan. 29 to notify OpenAI, the creator of the ChatGPT bot and supporting artificial intelligence (AI) platform, of its breaches of the EU data protection law (GDPR).
According to the agency, it has performed a “fact-finding activity” after the temporary ban on data processing was imposed on OpenAI by the DPA on March 30, 2023.
In May 2023, OpenAI announced that its proprietary chatbot ChatGPT had become available to Italian users again. However, DPA did not fully lose its concerns over ChatGPT’s potential violation of the data protection rules regarding personal information, privacy standards, and the practice of age restrictions.
In November 2023, the regulator launched a probe to finally conclude that OpenAI’s flagship AI product breaches some of the provisions contained in the EU GDPR.
Now, OpenAI has 30 days to submit any counterclaims regarding the allegations of breaches. Italian regulator also noted that it would consider the results of work currently performed by a task force of national privacy watchdogs set up by the European Data Protection Framework (EDPB) for its final decision on the OpenAI case.
The EDPB binding decision plays a key role in ensuring the correct and consistent application of the GDPR by the national Data Protection Authorities. When separate national entities come to opposite or contradicting decisions regarding certain companies’ activities, the EDPB has its final word.
Upon the initial ban imposed on OpenAI in Italy, EDPB members discussed this enforcement action and decided to launch a dedicated task force to foster cooperation and exchange information on possible enforcement actions conducted by various national data protection authorities.
Although so far OpenAI has to comply mainly with GDPR rules in providing services to European users, the soon-expected AI Act will present new challenges for firms dealing with AI technology development.
Last year, European legislators proposed regulatory measures to regulate the creation and development of artificial intelligence. Its initial version faced a lot of criticism. Therefore, regulators in Italy, Germany, and France did not agree with the idea, proposing specific amendments to the EU-wide AI regulation.
Reportedly, OpenAI has also successfully lobbied for changes to the legislation of the European Union on artificial intelligence. Upon some discussions with European Commissioner Thierry Breton, Meta CEO Mark Zuckerberg and Sam Altman, CEO of OpenAI, supported relevant legislative initiatives. Today, the AI Act is also supported by the European Union’s (EU) competition and digital chief, Margrethe Vestager.
If it passes all the stages of approval, the final text of the AI Act will likely be published in the Official Journal of the European Union between Q2 and Q3 2024. The law would become applicable two years after it enters into force.
