The Italian government has ordered OpenAI to stop processing people’s data locally with immediate effect. Additionally, the Italian DPA stated that it is concerned that the maker of ChatGPT is violating the European Union’s General Data Protection Regulation and has launched an inquiry.
To be more specific, the Garante has stated that they have ordered ChatGPT to be blocked in their nation due to some worries, such as the idea that OpenAI may have processed people’s data illegally. The absence of any system to restrict minors from accessing the technology is another justification for the cited ruling. ChatGPT has 20 days to respond to the directive; if they don’t, they risk stiff fines.
Range of the GDPR Concerns
It is well established that GDPR applies in situations where the personal data of EU users is processed, and it is clear that OpenAI’s huge language model has been processing this kind of data. It’s important to note that OpenAI has declined to provide more information about the data utilized for the most recent version of the technology, GPT-4. On the other hand, it has come to light that earlier models were trained using data that was extracted from websites like Reddit.
Additionally, it has been claimed that ChatGPT has been spreading fake information about specific people. This incident backs up the assertion that the software’s training data is inadequate. The GDPR issues were brought up by these conditions.
The data breach that the service experienced earlier this month was also a major topic of the Garante statement. It may be recalled that OpenAI acknowledged a conversation history feature had been disclosing users’ chats and claimed it may have done so in conjunction with the disclosure of some users’ payment information.
Possible Outcome to ChatGPT
If it is established that OpenAI did indeed process Europeans’ personal data unlawfully, DPAs all throughout the union may compel its deletion. The DPA clarified that the Privacy Guarantor has raised concerns about the lack of transparency provided to users and other interested parties whose data OpenAI collects.
They continued by highlighting the lack of a legal foundation for the widespread gathering and storage of personal data with the intention of “training” the platform’s operating algorithms. The authority has also drawn attention to the fact that ChatGPT occasionally provides information that does not match actual facts, classifying this activity as erroneous processing of personal information.
The DPA stated that they are still concerned about the possibility that OpenAI will process the data of minors because the firm does not have any safeguards in place to prevent anyone under the age of 13 from signing up to use the chatbot, such as age verification software.