Italy Blocks ChatGPT Over GDPR Violations and Insufficient Child Protection

Italy's Privacy Guarantor has ordered the block of ChatGPT, an AI language model developed by OpenAI, citing concerns that the company's data handling practices violate the European Union's General Data Protection Regulation (GDPR).

According to the regulator, OpenAI's bulk collection of data for training ChatGPT's model has no "legal basis," and the sometimes-inaccurate results suggest that the generative AI is not processing data correctly. Additionally, the Guarantor is alarmed by a recent flaw that led to the leak of sensitive user data.

The data agency also accuses OpenAI of insufficient protection for children. Although the company says that ChatGPT is intended for individuals over the age of 13, there are no age verification measures in place to prevent minors from accessing inappropriate responses.

OpenAI has 20 days to respond to the Guarantor's concerns, and must provide a plan of action to address the issues. Failure to comply could result in a fine of up to €20 million (approximately $21.8 million US) or up to four percent of the company's annual worldwide turnover.

OpenAI's privacy policy acknowledges that conversation data can be used by trainers to improve the AI, but also states that the data is aggregated or anonymized. The policy prohibits use by children under the age of 13, and the company claims not to "knowingly" collect personal information from underage users.

As of publication, OpenAI has not responded to requests for comment on the matter.