OpenAI's ChatGPT service was recently ordered to discontinue operations in Italy due to suspected GDPR violations. The Italian Data Protection Agency (DPA) has put forth an ultimatum specifying the changes they require in order to revoke the order. OpenAI must increase transparency with regards to its data processing practices, issue an information notice, implement age-gating measures, verify the age of users, and provide users with the ability to exercise their rights.

OpenAI is required to specify which legal grounds it relies upon for processing individuals' data, and is unable to use contract performance as such. The company must therefore choose between obtaining user consent or relying on legitimate interests. Additionally, OpenAI must conduct an awareness campaign in Italy to notify users that their information is being processed to train its AIs.

To meet the agency's demands, OpenAI must complete most tasks before April 30th and migrate to a more resilient age verification system by May 31. They must have their updated age verification technology deployed by September 30.

The EU GDPR was introduced to protect one's personal data and ensure companies comply with data regulations. Its provisions are applicable to all EU countries and its main objective is to give consumers more control over their data. As OpenAI was unable to both confirm the age of users and provide comprehensive information on the security of data processing, the Italian data watchdog was left with no other option but to suspend the service.

It remains to be seen if OpenAI will be able to swiftly and accurately comply with the requests from the DPA. Should the company demonstrate that it is capable of meeting their demands, their service can be reinstated. Ultimately, companies must take their responsibilities regarding user data seriously or else face the consequences.



Other News from Today