OpenAI has been given a 30-day window to respond to the findings of the Italian data regulator, which concluded that the company may have violated European privacy laws. The Italian data protection authority, known as Garante, notified the San Francisco-based company of its conclusions on Monday. This latest development comes after the agency imposed a temporary ban on OpenAI’s large language model chatbot in 2023 for allegedly violating the European General Data Protection Regulation.
After OpenAI agreed to implement changes, including age verification and an opt-out form to remove personal data from the large language model, in-country access to the chatbot was restored in April. However, the Italian regulator’s review of these changes has revealed ongoing violations, prompting the agency to consider the findings of a European task force empaneled by the European Data Protection Board last April.
The scrutiny on OpenAI’s privacy practices is not limited to Italy, as the company is also facing investigations by data regulators in Germany, France, Spain, and Poland. This increased European scrutiny comes as the continent prepares to implement a comprehensive regulation on artificial intelligence. The AI Act will prohibit high-risk AI systems, such as emotion recognition, and facial data scraping from CCTV.
In response to the growing regulatory pressure in Europe, OpenAI introduced an updated privacy policy in December 2023. The revised policy provides information on the data collected by the company and how it is processed. It also gives OpenAI users the ability to object to the processing of their data for direct marketing or legitimate interest.
Despite these developments, OpenAI has not commented on the situation. It remains to be seen how the company will navigate the complex web of European data protection regulations and address the concerns raised by multiple national regulators. The outcome of this ongoing scrutiny could have significant implications for the use and regulation of AI technologies in Europe and beyond. As OpenAI navigates this challenging landscape, it will be closely watched by both industry observers and privacy advocates.