After being temporarily suspended in Italy due to concerns over potential breaches of the EU’s General Data Protection Regulation (GDPR), OpenAI’s generative AI chatbot, ChatGPT, is once again available to users in the country.
OpenAI has implemented a series of privacy controls, including age-gating and providing more information about the personal data being processed for training algorithms, in order to comply with the initial set of conditions set by Italy’s data protection authority.
Users in Italy are required to confirm they are 18+ or 13+ with consent from a parent or guardian to use the service. OpenAI has also provided mechanisms for Europeans to opt out of their personal data being used to train the AI and to have their data deleted.
However, it remains unclear whether these changes will be sufficient to resolve all GDPR concerns. Questions remain about the legal basis OpenAI had to process people’s information in the past, particularly when it was not being transparent about what data it was using.
OpenAI appears to be hoping that the new controls it has implemented will address the processing of new incoming personal data and that this will limit the objections being raised about its historical processing of regional personal data.
OpenAI’s ChatGPT was geoblocked for users with Italian IP addresses after the Italian data protection authority ordered a temporary stop-processing order on the service and opened an investigation into potential GDPR breaches. The regulator later issued a list of measures OpenAI had to implement to lift the suspension order, which included age-gating and amending the legal basis claimed for processing local users’ data.
The Garante has faced criticism for the intervention, and the EU’s regulators have agreed to launch a task force focused on ChatGPT to support investigations and cooperation on any enforcements.
