The Italian regulatory body responsible for data protection has specified the actions that OpenAI must take to revoke an order imposed on ChatGPT. The order was issued in March 2023. The watchdog suspected the artificial intelligence (AI) chatbot service of violating the EU's General Data Protection Regulation (GDPR) and mandated the United States-based firm to halt the processing of data belonging to individuals residing in the country.
The regulator's press release mandates that OpenAI must increase its transparency and issue an information notice that comprehensively outlines its data processing practices. Additionally, the statement requires OpenAI to implement age-gating measures immediately to prevent minors from accessing its technology and adopt more stringent age verification methods.
OpenAI is obligated to specify the legal grounds it relies upon for processing individuals' data to train its AI, and it cannot rely on contract performance. This means that OpenAI must choose between obtaining user consent or relying on legitimate interests. OpenAI's privacy policy currently references three legal bases but appears to give more weight to the performance of a contract when providing services such as ChatGPT.
Furthermore, OpenAI must enable both users and non-users to exercise their rights regarding their personal data, including requesting corrections for any misinformation generated about them by ChatGPT or deleting their data.
In addition, the regulatory agency mandated that OpenAI must provide users with the option to object to the processing of their data for the purpose of training its algorithms. Also, OpenAI is required to conduct an awareness campaign in Italy to inform individuals that their information is being processed to train its AIs.
The Italian Data Protection Agency (DPA) has set a deadline of April 30 for OpenAI to complete most of these tasks. OpenAI has been granted some additional time to comply with the additional demand of migrating from the existing, age-gating child safety technology to a more resilient age verification system.
Related: ‘ChatGPT-like personal AI’ can now be run locally, Musk warns ‘singularity is near’
Specifically, OpenAI has until May 31 to submit a plan outlining the implementation of age verification technology that screens out users under 13 years of age (and those aged 13 to 18 who have not obtained parental consent). The deadline for deploying this more robust system is set for September 30.
On Friday, March 31, following the concerns raised by the national data agency about possible privacy violations and failure to verify the age of users, Microsoft-backed OpenAI took ChatGPT offline in Italy.
Magazine: Best and worst countries for crypto taxes — plus crypto tax tips