The OpenAI faced with the Italian Data Protection Agency of EUR 15 million (about $ 1.566 million) because people have serious concerns about how ChatGPT processes personal data.
Feming is the latest progress legend that is happening a year ago. The model is a clear violation of the EU General Data Protection Rules (GDPR). The Garante also pointed out that OpenAI failed to notify authorities about a security breach that occurred in March 2023. The breach potentially exposed user data, deepening concerns about the tech giant\’s transparency and accountability. Adding to the controversy, the Garante also called out OpenAI for lacking adequate age-verification systems, raising alarms about the potential risks posed to children under 13 who might inadvertently access inappropriate content.
In addition to the substantial fine, OpenAI has been ordered to launch a six-month public communication campaign aimed at educating the public on how ChatGPT collects and uses personal data. This includes explaining what data is collected—both from users and non-users—and how individuals can exercise their rights to object, correct, or delete their data.
\”Through this campaign, we want to ensure that users and non-users alike understand how their data is used to train AI models and how they can exercise their rights under GDPR,\” said the Garante. The ruling follows a series of dramatic events in March 2023, when Italy became the first country to temporarily ban ChatGPT over data protection concerns. Access was later restored after OpenAI fixed the issue with Garante. However, OpenAI has strongly contested this decision. In a statement to The Associated Press, the company called the fine “disproportionate” and revealed it plans to appeal. The company stated that the fine was almost 20 times higher in Italy during the period. Despite this failure, the Open has repeated its commitment to users’ privacy and further develop valuable AI tools. The decision observed the most important decision of the European Data Protection Commission (EDPB). EDP B believes that illegal processing of personal data, but later anonymous AI models may not contradict GDPR, unless they process personal data, unless the implementation is implemented.
Meanwhile, the EDPB has also published new guidelines for handling data transfers outside the European Union, clarifying that GDPR rules still apply when personal data is shared with non-European authorities.
Stay tuned for more updates, and be sure to follow us on Twitter and LinkedIn for exclusive content!