30 January 2024

Italy’s watchdog finds OpenAI's ChatGPT in breach of privacy laws


Italy’s watchdog finds OpenAI's ChatGPT in breach of privacy laws

Italy's privacy regulator DPA (Garante per la protezione dei dati personali) said that OpenAI's ChatGPT tool and its data collection methods violate the country's privacy laws. The announcement came on Monday, following an investigation initiated by the authority in March of the previous year.

The Italian privacy regulator said in a statement that “the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR.”

Last year, the Italian watchdog imposed a temporary ban on ChatGPT within the country, claiming that ChatGPT had been illegally collecting user data and failing to protect minors. The regulator said at the time that there's no “legal basis” for OpenAI's mass collection and storage of data for training ChatGPT's model and that the app is not always processing the information correctly.

OpenAI responded to the ban by implementing various privacy controls and measures to address the concerns raised by the authorities.

Among the changes introduced were privacy controls, including an opt-out form designed to allow users to exclude their personal data from being processed by the large language model (LLM). Following these adjustments, access to ChatGPT was reinstated in late April 2023.

However, it seems that the Garante's latest findings suggest that the implemented measures may not have been sufficient to fully comply with the country's privacy laws and EU regulations.

OpenAI now has 30 days to respond to the regulator’s concerns.


Back to the list

Latest Posts

Morocco-based cybercriminals hack large retailers for gift card theft

Morocco-based cybercriminals hack large retailers for gift card theft

Microsoft reported a 30% increase in Storm-0539 intrusion activity between March and May 2024.
27 May 2024
Transparent Tribe APT targets Indian gov’t and defense sectors with cross-platform malware

Transparent Tribe APT targets Indian gov’t and defense sectors with cross-platform malware

Recent campaigns have seen the group using cross-platform programming languages such as Python, Go, and Rust.
27 May 2024
MITRE hackers created rogue VMs to evade detection

MITRE hackers created rogue VMs to evade detection

MITRE has concluded its internal cyberattack investigation.
27 May 2024