In March 2023, Italy’s data protection agency, known as Garante, issued an order to OpenAI, an American AI chatbot service, to halt the processing of data belonging to individuals in the country. The watchdog had suspected ChatGPT of violating the European Union’s General Data Protection Regulation (GDPR) and mandated the Silicon Valley firm to take action in order to revoke the order. Now Garante has set forth the requirements that OpenAI must meet in order to lift the ban.
OpenAI must provide evidence of security measures taken to protect user data, such as encryption and pseudonymization. The firm must also state its data protection policy and commit to complying with privacy regulations and procedures. Additionally, OpenAI must submit to Garante a full list of data subjects, providing specific information about who, what, and where their data is being processed.
OpenAI is a firm focused on developing cutting-edge artificial intelligence (AI) technology. The firm has been at the forefront of AI research, holding numerous patents related to machine learning, natural language processing, computer vision, and robotics. Founded in 2017, the firm serves clients such as Google, Facebook, and Apple by providing custom AI solutions. OpenAI’s mission is to develop safe and beneficial AI technology that will benefit people, society, and the environment.
The OpenAI founder and Chief Product Officer, Sam Altman, has reiterated OpenAI’s commitment to privacy and security. “We are committed to data protection and privacy and strive to meet all of the standards set by Garante,” Altman explained. “We are actively engaged with Garante and are working diligently to address their concerns and ultimately lift the restriction.”
Though the restriction will remain in place until OpenAI can prove to Garante that it can meet the necessary requirements and ensure the safety of customer data, the data protection agency has promised to be transparent throughout each stage of the process. By doing so, Garante hopes to ensure the safety and privacy of customer data in the EU and remain compliant with the GDPR.
