Italy bans ChatGPT, citing data protection worries

The Italian data protection authority has ordered OpenAI to stop ChatGPT operating in Italy because of data protection fears

Italy has banned ChatGPT for data protection reasons

Adrian Weckler

ChatGPT has been ordered to cease operation in Italy, according to that country’s data protection authority (DPA).

The Guarante DPA made the announcement on Friday, claiming that the online artificial intelligence (AI) system is flouting GDPR because it has no legal basis to process people’s personal data. The watchdog also says that there are no proper safeguards in place for the personal data of children who might be tempted to use it.

OpenAI, the Microsoft-backed firm that runs ChatGPT, has no corporate or administrative base within the European Union, allowing any EU country’s data protection authority to take action as they see fit.

The Irish Data Protection Commissioner, which takes the lead on most big tech regulation in Europe because of the corporate bases located here, said that it was in contact with the Italian watchdog on the issue.

“We are following up with the Italian regulator to understand the basis for their action and we will coordinate with all EU Data Protection Authorities in relation to this matter,” a spokesperson told the Irish Independent.

“As OpenAI is not subject to the One Stop Shop and not lead regulated from Ireland, it is open to any and all DPAs to act and the [Irish] DPC will have regard to the efficient and appropriate use of our resources as we examine this matter at EU level.”

Italy’s move could cost OpenAI up to €20m in GDPR fines, unless the company updates its data collection processes or restricts the service from being accessed in Italy.

The Italian regulator issued a statement today ordering, “with immediate effect, the temporary limitation of the processing of Italian user data [by] OpenAI, the US company that developed and operates [ChatGPT”.

The watchdog said that the move was triggered by an event on March 20the, when ChatGPT “suffered a data breach regarding user conversations and information related to the payment of subscribers to the paid service”.

It added that that there is a “lack of information to users and all interested parties whose data is collected by OpenAI” and “the absence of a legal basis that justifies the collection and massive storage of personal data, in order to “train” the algorithms underlying the operation of the platform”.

And it noted ChatGPT’s own assertion that “the information provided by ChatGPT does not always correspond to the real data, thus resulting in an incorrect processing of personal data”.

ChatGPT has become the most talked-about online service of 2023. Using its ‘large language model’, it organises billions of documents into answers, plans, presentations, work models and creative works based on plain-language prompts and questions.

The associated AI technology has scared some senior technology industry figures, with Elon Musk and Apple co-founder Steve Wozniak signing a letter this week that called for a six-month pause on development of artificial intelligence research, which signatories claim is “out of control” and a “risk to our civilisation” because it’s spawning “nonhuman minds that might eventually outnumber, outsmart, obsolete and replace us”.

OpenAI has 20 days to respond to the Italian regulator.