Attention all tech companies !
Ensure you are compliant with GDPR requirements, especially when collecting and processing personal data of users, including minors. The recent case involving ChatGPT, a platform developed and managed by US company OpenAI, is a lesson to be learned.
Garante has accused ChatGPT of illegal collection of personal data and failure to verify the age of users under 13. Garante has ordered the temporary limitation of processing personal data of Italian users against OpenAI and opened an investigation. Garante noted a lack of transparency and a legal basis for mass collection and storage of personal data used to train the platform’s algorithms.
Furthermore, ChatGPT experienced a data breach regarding user conversations and payment information of subscribers. In this respect, on April 5th, 2023, a video conference meeting is scheduled between the Italian regulator, Garante, and ChatGPT to discuss the issue of processing Italian users’ data on the ChatGPT platform.
This case highlights the importance of privacy and security in the digital age and the consequences of non-compliance with regulations. OpenAI faces a potential fine of up to €20 million or 4% of its annual global turnover if it does not address the issues raised by Garante within 20 days.
All companies must review their data policies and practices to protect the privacy and rights of users. This is not only a legal obligation but also a matter of trust and reputation. Let’s ensure we get it right.
Aliant will update you of any new developments with regards to ChatGPT in Italy.