Italian Regulator Again Finds Privacy Problems in OpenAIChatGPT Maker Has 30 Days to Respond
ChatGPT maker OpenAI has 30 days to respond to the Italian data regulator after an investigation by the agency concluded the company apparently had violated European privacy laws.
The Italian data protection authority, known as Garante, said Monday that it had notified the San Francisco company of its findings.
The Italian agency in 2023 imposed a temporary ban on OpenAI's large language model chatbot after it said the company had violated the European General Data Protection Regulation (see: Italian Privacy Watchdog Imposes ChatGPT Ban).
It restored in-country access to the chatbot in April after OpenAI agreed to changes including age verification and an opt-out form to remove one's personal data from the large language model - although users must provide evidence that their personal data is accessible through a prompt of the model.
In a Monday update, the Italian regulator said a review of the changes introduced by OpenAI had revealed that the company continues to violate trading bloc privacy law. It will take into account the outcome of a European task force empaneled last April by the European Data Protection Board.
OpenAI faces privacy scrutiny from the German, French, Spanish, and Polish data regulators regarding the company's privacy practices (see: European Scrutiny of ChatGPT Grows as Probes Increase).
Europe is preparing to implement a comprehensive regulation on artificial intelligence. The AI Act bans high-risk AI systems, such as emotion recognition, and facial data scraping from CCTV.
"You can exercise some of these rights through your OpenAI account but please note these rights may be limited," the company said.