Tracking the Explosive World of Generative AI

OpenAI's ChatGPT Suspended in Italy Amid Privacy and Cybersecurity Concerns

Italy's national data protection authority has issued a temporary ban on OpenAI's ChatGPT, citing privacy violations and non-compliance with the EU's GDPR.

Italy's national data protection authority has issued a temporary ban on OpenAI's ChatGPT. Photo illustration: Artisana

🧠 Stay Ahead of the Curve

Italy's national data protection authority imposes a temporary ban on OpenAI's ChatGPT, citing alleged privacy violations and non-compliance with GDPR.
The ban signifies a growing concern over AI-driven technologies, as regulators grapple with the potential risks surrounding privacy, cybersecurity, and disinformation.
This development underscores the need for global AI companies to address evolving privacy regulations and highlights the potential for future regulatory challenges in the rapidly advancing AI landscape.

By Michael Zhang

March 31, 2023

In a significant move by European regulators, Italy's national data protection authority issued a temporary ban on ChatGPT, the widely-used artificial intelligence tool developed by U.S. company OpenAI, due to alleged privacy violations.

The ban, which takes immediate effect, will persist until the company adheres to the European Union's landmark privacy law, the General Data Protection Regulation (GDPR). Following the Italian regulator's order, OpenAI disabled ChatGPT access in Italy.

Growing concerns regarding privacy, cybersecurity, and disinformation risks associated with ChatGPT have led to mounting calls for an investigation into OpenAI and a suspension of new ChatGPT releases. Notably, Tesla CEO Elon Musk and numerous AI experts this week urged a 6-month halt to further ChatGPT updates. On March 30, consumer advocacy group BEUC also requested that EU and national authorities, including data protection watchdogs, scrutinize ChatGPT.

The Italian authority asserted that OpenAI lacks a legal basis for "the mass collection and storage of personal data" used to train ChatGPT's algorithms, and accused the company of processing data inaccurately. Furthermore, it highlighted a recent data breach that exposed user conversations and payment information, as well as OpenAI's failure to verify user age, which puts minors at risk of exposure to unsuitable content.

Although OpenAI does not have an EU office, its European Economic Area representative has 20 days to outline the company's plan for compliance with EU privacy rules. Failure to do so may result in a penalty amounting to 4 percent of OpenAI's global revenue.

"We believe we comply with GDPR and other privacy laws," said a spokesperson for OpenAI. OpenAI CEO Sam Altman also took to Twitter to convey deference to the Italian government on the matter, adding that he eagerly anticipates visiting Italy again.