Italy Says ChatGPT Violates Data Protection Rules

Italy’s data protection regulator has informed OpenAI that its ChatGPT artificial intelligence (AI) chatbot may violate EU data protection rules.

The Garante regulator said OpenAI has 30 days to reply with defence briefs on the alleged violations, details of which were not disclosed.

OpenAI said it believes its practices are in compliance with EU data protection laws.

The regulator said it would take into account the ongoing work of a special task force set up by the European Union’s European Data Protection Board in April 2023 to monitor ChatGPT, which has become hugely popular since OpenAI launched it in November 2022.

The Board’s task force brings together data protection authorities from across the bloc.

Privacy concerns

Italy’s notice to OpenAI, called a “notice of objection”, comes after the country temporarily suspended ChatGPT in Italy in March 2023, the first Western country to do so.

At the time the Garante cited privacy concerns including the mass collection of users’ data to train the chatbot’s algorithm.

The regulator also expressed concern that younger users could be exposed to inappropriate content, as it included no age verification mechanism.

ChatGPT was restored to operation in Italy after about four weeks, with the Garante saying OpenAI had “addressed or clarified” the issues it had raised.


At the time the regulator launched a “fact-finding activity” which has now concluded that ChatGPT may violate the EU’s GDPR data protection regulation.

The Garante said in a statement that it “concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR”.

The regulation allows authorities to fine companies up to 4 percent of their global turnover.

In April 2023 the Garante said it wanted OpenAI to implement an age-verification system for ChatGPT and wanted Italians to be made more aware of their right to opt-out from having their personal data used to train algorithms.

Data protection

“We believe our practices align with GDPR and other privacy laws, and we take additional steps to protect people’s data and privacy,” OpenAI said in a statement.

The company said it “actively” works to reduce personal data in training systems such as ChatGPT, “which also rejects requests for private or sensitive information about people”.

The company said it would continue talks with the Garante.

ChatGPT is also under investigation by the US Federal Trade Commission (FTC) over concerns about the AI’s tendency to generate false results.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK CMA Seeks Feedback On Microsoft, Amazon AI Partnerships

British regulator invites feedback on major partnerships Microsoft and Amazon have struck with smaller AI…

5 hours ago

Google Fires More Staff Over Israel Protest

Another 20 staff have been fired by Google over Israel protest and their “completely unacceptable…

6 hours ago

Australian PM Hits Out At Elon Musk Over Knife Attack Video

Censorship row brewing down under, after the Australian Prime Minister calls Elon Musk an 'arrogant…

7 hours ago

US SEC Seeks $5.3 Billion Fine From Terra’s Do Kwon

Financial regulator asks New York judge to impose $5.3 billion in fines against Terraform Labs…

8 hours ago

Microsoft Launches Smallest AI Model, Phi-3-mini

Lightweight artificial intelligence model launched this week by Microsoft, offering more cost-effective option for Azure…

12 hours ago

US Senate Passes TikTok Ban Or Divestment Bill

ByteDance protest falls on deaf ears, as Senate passes TikTok ban or divest bill, with…

13 hours ago