OpenAI’s ChatGPT is facing a steep €15 million fine
from Italy’s data protection authority. The penalty involves an alleged data
breach and misuse of personal information.
According to a statement by the regulator, the
investigation began in March 2023 after a data breach involving ChatGPT raised
concerns. The Italian Data Protection Authority (IDPA), also known as the
Garante, uncovered several violations, including OpenAI’s failure to notify the
breach and its use of personal data to train its AI model without an adequate
legal basis.
Age Verification Mechanism
These actions, the IDPA said, violated principles of
transparency under the General Data Protection Regulation (GDPR). Further
concerns arose about the lack of effective age verification mechanisms, leaving
minors under 13 exposed to potentially inappropriate responses from the
chatbot.
“OpenAI has not provided mechanisms for age
verification, with the consequent risk of exposing minors under 13 to responses
that are unsuitable for their level of development and self-awareness,” the
regulator wrote.
#GarantePrivacy #IntelligenzaArtificiale Corrective and sanctioning measure against #OpenAI in relation to the management of the #ChatGPT service: the company must carry out a 6-month information campaign and pay a fine of €15 million https://t.co/mhUb3Wlxla pic.twitter.com/nIAVgcSjUO
— Garante Privacy (@GPDP_IT) December 20, 2024
The IDPA has now ordered OpenAI to execute a six-month
public information campaign across radio, television, newspapers, and online
platforms. The campaign aims to educate the public on how generative AI works,
the data it collects, and how users can exercise their GDPR rights, such as
data rectification or opposition.
Further Compliance Concerns
The fine reflects OpenAI’s partial cooperation during
the investigation, which the IDPA acknowledged in its final ruling.
Additionally, OpenAI’s establishment of a European headquarters in Ireland
during the investigation reportedly triggered the GDPR’s “one-stop shop” rule. This means
further inquiries into ongoing compliance will be overseen by Ireland’s Data
Protection Authority.
“ChatGPT users and non-users should be made aware of
how to oppose the training of generative artificial intelligence with their
personal data and, therefore, be effectively placed in the position to exercise
their rights under the GDPR,” the regulator noted.
In April, OpenAI hosted hundreds of top executives
from Fortune 500 companies in San Francisco, New York, and London to pitch AI
services. The promotion involved an enterprise-grade version of OpenAI's
chatbot. This offering reportedly seeks to address specific needs across
different sectors.
The firm assured corporate clients that their data is
secure and will not be used to train its models. The AI firm is targeting
corporations in an effort to strengthen its revenue. Besides that, the
promotion seeks to expand the firm's services to new markets.