The Italian Data Protection Authority (Garante) is attempting to address the risks associated with artificial intelligence (AI) by taking enforcement actions against companies using AI-driven services. On March 30, 2023, the Garante issued a resolution on an urgent basis that imposed a temporary limitation on the processing of personal data of Italian users by OpenAI L.L.C. (“OpenAI”) via its ChatGPT service, an AI platform that can emulate and process human conversations.
The Garante cited concerns related to the inadequate legal basis for collecting and processing personal data, the lack of clear and complete information to users on the data collected, and the risk of processing inaccurate personal data due to the platform being unable to provide correct replies to questions directed to individual persons. In response, OpenAI requested a meeting with the Garante to address these issues, and following this meeting, a further resolution was issued suspending the imposed temporary restriction.
The resolution stipulated a number of conditions for OpenAI to meet, including obligations to provide users and other relevant data subjects clear and complete information about the processing of personal data, to create an appropriate age verification mechanism for users and to update the algorithm so that it provides accurate answers to questions of a personal nature. To ensure that these issues are addressed, the Garante will continue its inquiry, and if necessary, take additional action.
In addition, on April 13th, the European Data Protection Board launched a task force to foster cooperation and exchange information regarding potential enforcement actions related to the ChatGPT service.
OpenAI is a company specialized in AI-powered machine learning models. Founded in 2019, the company works with some of the world’s leading technology and research organizations to create powerful and cutting-edge AI solutions. OpenAI is an advocate for responsible AI, emphasizing transparency, ethical use of data, and the importance of safety, privacy and security when it comes to AI processes.
Giorgio Stringhe, the current president of the Garante, has been in the role since 2016 and is internationally recognized for his expertise in the field of data protection. Stringhe has actively played a part in enhancing the Italian Data Protection Law and was appointed as a member of the High-Level Expert Group on Artificial Intelligence, a group mandated by the European Commission to help shape the legal and ethical framework on AI technologies.
