Italy's privacy regulator DPA (Garante per la protezione dei dati personali) said that OpenAI's ChatGPT tool and its data collection methods violate the country's privacy laws. The announcement came on Monday, following an investigation initiated by the authority in March of the previous year.
The Italian privacy regulator said in a statement that “the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.”
Last year, the Italian watchdog imposed a temporary ban on ChatGPT within the country, claiming that ChatGPT had been illegally collecting user data and failing to protect minors. The regulator said at the time that there's no “legal basis” for OpenAI's mass collection and storage of data for training ChatGPT's model and that the app is not always processing the information correctly.
OpenAI responded to the ban by implementing various privacy controls and measures to address the concerns raised by the authorities.
Among the changes introduced were privacy controls, including an opt-out form designed to allow users to exclude their personal data from being processed by the large language model (LLM). Following these adjustments, access to ChatGPT was reinstated in late April 2023.
However, it seems that the Garante's latest findings suggest that the implemented measures may not have been sufficient to fully comply with the country's privacy laws and EU regulations.
OpenAI now has 30 days to respond to the regulator’s concerns.