Italy has become the first Western country to block access to the popular AI language model ChatGPT and has launched an investigation into its suspected violations.
This decision was made by the Italian Data Protection Authority, Garante, after concerns were raised about the platform's compliance with the EU's General Data Protection Regulation (GDPR).
ChatGPT is a powerful artificial intelligence tool developed by OpenAI that allows users to generate human-like responses to text-based prompts.
The platform has gained popularity worldwide but its use in Italy has raised concerns about potential privacy violations after a data breach at OpenAI which allowed users to view the titles of conversations other users were having with the chatbot.
Open AI risks facing a fine of 20 million euros if it doesn’t come up with remedies to the situation in 20 days.
Assured cooperation
OpenAI has responded to news of the investigation, saying that it is committed to GDPR compliance and that it is working to provide Garante with the information it has requested.
In a statement, OpenAI said: "We take data privacy and protection very seriously and are committed to complying with all applicable laws and regulations.
“We are working to provide the Italian Data Protection Authority with the information it has requested, and we will continue to cooperate with them as they conduct their investigation."
A video call is scheduled for tomorrow evening between representatives of #OpenAI and the Italian SA, following up on the reply letter sent by OpenAI to flag its willingness to promptly collaborate with #GarantePrivacy in order to comply with #GDPR pic.twitter.com/VSeXn4YW5A— Garante Privacy (@GPDP_IT) April 4, 2023
Investigation launched
The Italian Data Protection Authority (Garante) announced that it has launched an investigation into ChatGPT's compliance with GDPR and the EU's data protection laws.
The authority said it was concerned about "potential risks to individuals' fundamental rights and freedoms" due to the platform's "opaque" data collection and processing practices.
This investigation will examine whether ChatGPT's data collection and processing practices comply with GDPR requirements, including transparency, data minimisation and user consent.
Garante has also called on OpenAI to provide more information about how ChatGPT works and how it collects and processes user data.
We took ChatGPT offline Monday to fix a bug in an open source library that allowed some users to see titles from other users’ chat history. Our investigation has also found that 1.2% of ChatGPT Plus users might have had personal data revealed to another user. 1/2— OpenAI (@OpenAI) March 24, 2023
What is happening in other countries?
The UK and the EU are taking different approaches to regulate artificial intelligence (AI) with the UK focusing on principles and the EU proposing restrictive laws.
The UK proposals outline some key principles for companies to follow when using AI in their products, including safety, transparency, fairness, accountability and contestability.
The EU, which is proposing groundbreaking legislation, will heavily restrict the use of AI in critical infrastructure, education, law enforcement and the judicial system.
Meanwhile, the US has no formal rules to bring oversight to AI technology, although its National Institute of Science and Technology (NIST) has put out a national framework offering guidance on managing risks and potential harms.
China, where ChatGPT is not available, has introduced regulations on deep fakes, while several large tech companies in the country are developing alternatives.