OpenAI's GDPR Violation: Garante's Mandate for Transparency and Privacy

Key Takeaways
  • OpenAI's ChatGPT, an AI chatbot service, allegedly violated the GDPR of the European Union, leading to severe rules being issued by the Italian data protection regulator, Garante
  • OpenAI is required to increase transparency by issuing a comprehensive information notice and implementing age-gating measures
  • OpenAI must also provide legal justifications for processing personal data, allow users to exercise their rights in relation to their data, run an awareness campaign
13-04-2023 By: Simran Mishra
OpenAI's GDPR Violat

OpenAI's ChatGPT, an AI chatbot service, has allegedly violated the GDPR of the European Union, leading to severe rules imposed by the Italian data protection regulator, Garante.

The General Data Protection Regulation (GDPR) of the European Union was allegedly violated by OpenAI's ChatGPT, an artificial intelligence (AI) chatbot service, and as a result, Garante, the Italian data protection regulator, has issued severe rules to lift the March 2023 order. The regulator's press release mandates increased transparency from OpenAI, requiring the company to issue a comprehensive information notice detailing its data processing practices. 

Additionally, OpenAI must implement age-gating measures to prevent minors from accessing its technology and adopt more stringent age verification methods.

OpenAI cannot merely rely on contract performance; it must also describe the legal justifications for processing personal data to train its AI. User consent or legitimate interests must be considered. There are now three legal justifications mentioned in OpenAI's privacy policy, however, contract performance seems to be given more importance.

Additionally, OpenAI also needs to make it possible for users and non-users to exercise their rights in relation to their personal data, such as requesting updates for any inaccurate information produced by ChatGPT or the deletion of their data. The processing of user data for algorithmic training must also be subject to user objection. To let people know that their information is being used to train its AIs, OpenAI is required to run an awareness campaign in Italy.

The majority of these tasks must be finished by OpenAI by April 30th, according to Garante. The deadline for submitting a proposal explaining the use of age verification technologies to weed out users under 13 (and those aged 13 to 18 without parental agreement) has been extended to May 31. OpenAI has been given an extension. The installation of this system must be completed by September 30.

Following concerns raised by Garante about privacy violations and failure to verify user age, OpenAI, backed by Microsoft, took ChatGPT offline in Italy on March 31. The company now needs to comply with the regulatory requirements to lift the imposed order and regain access to the Italian market. 

Also, read - FTX Legal Fees So High, They Might Have to Create a New Cryptocurrency Just to Pay Them Off

WHAT'S YOUR OPINION?
Related News
Related Blogs