Italian Data Protection Authority (IDPA) Finds OpenAI’s ChatGPT in Breach of Data Protection and Privacy Laws

The Italian Data Protection Authority (IDPA) has released a statement asserting that OpenAI’s ChatGPT is in violation of data protection and privacy laws in Italy. The IDPA conducted a fact-finding probe in November 2023 to investigate online AI data scraping and found that ChatGPT does not comply with provisions in the European Union’s General Data Protection Regulation (GDPR). OpenAI has been invited to submit counterclaims within 30 days of the notice. This development follows Italy’s initial ban on ChatGPT in March 2023, which was later lifted after OpenAI agreed to transparency measures.

The IDPA’s findings highlight the regulatory scrutiny and challenges that AI models face in ensuring compliance with data protection and privacy laws. As AI technologies continue to evolve, regulatory authorities are keen to ensure that they adhere to legal frameworks, especially in regions with strict data protection regulations like the EU. Companies developing AI models need to be vigilant about privacy considerations and work proactively with regulators to address compliance concerns.