The Italian Data Protection Authority (Garante per la protezione dei dati personali) has taken sanctions against OpenAI over data protection failures related to the ChatGPT chatbot.

OpenAI must pay a €15m ($15.6m) fine and carry out a six-month public awareness campaign across Italian media. This campaign is aimed to educate the public on how ChatGPT operates, with a specific focus on the data collection practices involving both users and non-users for algorithm training.

The fine comes following the company’s failure to notify the Italian authority of a data breach it underwent in March 2023. This prompted the regulator to investigate how the ChatGPT developer processed personal data.

This investigation concluded that OpenAI had processed users’ data to train ChatGPT without first identifying an appropriate legal basis and violated the principle of transparency and related information obligations toward users.

The company is also accused of lacking mechanisms for age verification, which could lead to the risk of exposing children under 13 to inappropriate responses concerning their degree of development and self-awareness.

The sum of the fine was calculated by “taking into account the company’s cooperative attitude,” said the watchdog.

The Italian Data Protection Authority added that it forwarded the procedural documents to the Irish Data Protection Authority (DPC). The DPC is the lead supervisory authority under the EU’s General Data Protection Regulation (GDPR) and will continue investigating any ongoing infringements that have not been exhausted before the opening of OpenAI’s European headquarters.

This announcement comes a day after the European Data Protection Board (EDPB) published its opinion on the use of personal data for the development and deployment of AI models.

Read now: Italy’s Privacy Watchdog Blocks ChatGPT Amid Privacy Concerns

Source: https://www.infosecurity-magazine.com/news/italy-15m-fine-to-openai-chatgpt