Italian regulator notifies OpenAI about violating Europe’s privacy laws

Following a months-long investigation of its AI chatbot, ChatGPT, the Italian DPA (Garante) notified breaches of data protection law to OpenAI.

Following the temporary ban on processing imposed on OpenAI by the Garante on March 20 last year, and based on the outcome of its fact-finding activity, the Italian DPA concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.

“OpenAI may submit its counterclaims concerning the alleged breaches within 30 days,” said the regulator.

The Italian Garante will take account of the work in progress within the ad-hoc task force set up by the European Data Protection Framework (EDPB) in its final determination on the case.

OpenAI was yet to comment on the regulator’s report.

Confirmed breaches of the pan-EU regime can attract fines of up to 20 million euros, or up to 4 per cent of global annual turnover, reports TechCrunch.

The Italian authority raised concerns about OpenAI’s compliance with the EU’s General Data Protection Regulation (GDPR) last year.

It had ordered a temporary ban on ChatGPT’s local data processing which led to the AI chatbot being temporarily suspended in the market.