Recently, the Italian Data Protection Authority (Garante) took action against ChatGPT, a popular Artificial Intelligence (AI) chatbot, by ordering the deactivation of the technology due to an alleged violation of the General Data Protection Regulation (GDPR). The decision left organizations in Europe who used the technology in confusion and raised question about the EU’s commitment to innovating with AI.
ChatGPT is a bot developed by OpenAI, a company dedicated to producing safe AI technologies for people. The chatbot was designed to help users interact with machines by first training the chatbot with data collected from users. Without this data, the chatbot cannot effectively and accurately do its job.
In response to the deactivation of the chatbot, the Garante released a “ToDo List” for OpenAI, asking for improvements that would enable the chatbot to be put back into operation. Namely, the list required information regarding the modalities and logic of data processing, as well as user consent for the use of the technology.
The order has been met with mixed reactions, particularly among organizations who rely on AI and other innovative technologies in order to remain competitive. Some have criticized the move while others have highlighted the need to ensure that user data is adequately protected, as mandated by the GDPR. In order to create a clearer and uniform understanding of the GDPR, it is hoped that the European Data Protection Board (EDPB) will release a statement on this issue.
OpenAI is a company based in Silicon Valley and co-founded by renowned entrepreneur and investor, Elon Musk. Initially, the company started with the goal of developing artificial general intelligence to “benefit humanity.” Over the years, it has gone on to develop various artificial technologies, including the popular ChatGPT chatbot.
The Garante is the Italian Data Protection Authority, an independent public authority in charge of ensuring the protection of all personal data processed within Italy. In case of GDPR violations and other questionable practices, the Garante is authorized to investigate, as well as to issue fines and other forms of sanction. The “ToDo List” issued by the Garante is one such sanction that is intended to help ensure the security of EU citizens’ data.
