Italy’s data protection agency, the Guarantor for the Protection of Personal Data (GPDP), has outlined rules for the reinstatement of OpenAI LP’s artificial intelligence chatbot ChatGPT which were banned two weeks ago due to concerns that the company was not compliant with the European Union’s General Data Protection Regulation (GDPR). OpenAI must comply with these regulations by April 30 in order to have the ban lifted.
OpenAI was initially suspended from operating in Italy due to concerns that it was processing the personal information of Italian citizens at a large scale without a legal basis. The GPDP expressed concerns about the training of their AI, as sensitive information like phone numbers, addresses etc. were being swept up and users could be put at risk. Additionally, AI models like ChatGPT can sometimes make “hallucinations,” meaning they can create false information, which could lead to them making up fake stories about actual people whose information was scraped from the internet.
In order for the GPDP to lift the ban, OpenAI must implementseveral measures such as providing an information website notice to both users and non-users on the logic and processing of the data and age-gating to prevent underage users from accessing the site. Additionally, users must be given the right to remove their personal information from the training of the AI, and OpenAI is required to make these tools easily accessible. Lastly, OpenAI must promote the fact that they are working with the GPDP in a national advertising campaign on radio, TV, newspapers and the internet. The GPDP may decide to take further actions if they discover any further infringements of the law.
OpenAI LP is a research laboratory based in San Francisco that was founded in December 2015 by machine learning experts Elon Musk, Sam Altman, Greg Brockman, Ilya Sutskever and Wojciech Zaremba. OpenAI’s mission is to develop artificial general intelligence (AGI) for the benefit of humanity, and it partners with companies such as Microsoft and AWS to develop their products.
The GPDP is headed by Antonello Soro, a public official from the National Anticorruption Authority, which is an independent, regulating body that deals with data protection activities in Italy. Soro was appointed to the regulator in 2018, with the goal of ensuring data privacy and compliance with GDPR regulations. He has shown a propensity for confirming the security of data storage practices and advancing public campaigns to increase public knowledge and compliance with GDPR regulations.
