The Italian data protection authority has become the first Western country to block the advanced chatbot ChatGPT, created by US start-up OpenAI and backed by Microsoft, over concerns relating to user privacy.
The regulator stated that it would ban and investigate OpenAI “with immediate effect” due to a data breach involving user conversations and payment information that occurred on March 20th, for which there was no legal basis to justify the mass collection and storage of personal data.
The regulator is also concerned that the app exposes minors to unsuitable answers compared to their degree of development and awareness, as there is no way to verify the age of users.
Millions of people have used ChatGPT since its launch in November 2022, and Microsoft has spent billions of dollars on it, adding it to Bing last month and planning to embed a version of the technology in its Office apps, including Word, Excel, PowerPoint and Outlook. Bard, Google’s rival artificial intelligence chatbot, is now available only to specific users over the age of 18 due to similar concerns.
The Italian watchdog has given OpenAI 20 days to address the concerns or face a fine of €20 million ($21.7m) or up to 4% of annual revenues.
The Irish data protection commission is following up with the Italian regulator to understand the basis for their action and will coordinate with all EU data protection authorities in connection to the ban.
The UK’s independent data regulator, the Information Commissioner’s Office, stated that it would support developments in AI but also challenge non-compliance with data protection laws.
The ban highlights the importance of regulatory compliance for companies operating in Europe, according to Dan Morgan, from cybersecurity ratings provider SecurityScorecard.
Insufficient Regulation in Place, Experts Warn
BEUC Urges EU and National Authorities to Investigate ChatGPT and Similar Chatbots Over Consumer Protection Concerns
Consumer advocacy group BEUC has called on EU and national authorities, including data protection watchdogs, to investigate advanced chatbot ChatGPT and similar systems following a complaint filed in the US.
Although the EU is currently developing the world’s first legislation on AI, BEUC is concerned that it could take years before the AI Act can take effect, leaving consumers at risk of harm from a technology that is not sufficiently regulated.
Ursula Pachl, deputy director general of BEUC, has warned that society is currently not protected enough from the harm that AI can cause.
“There are serious concerns growing about how ChatGPT and similar chatbots might deceive and manipulate people. These AI systems need greater public scrutiny, and public authorities must reassert control over them,” she said.
ChatGPT is already banned in several countries, including China, Iran, North Korea, and Russia. OpenAI, the start-up behind ChatGPT, said that it had disabled the chatbot for users in Italy at the request of the Italian data protection regulator, Garante.
The organization expressed their dedication towards safeguarding individuals’ privacy, stating their belief that they adhere to GDPR and other relevant privacy regulations.
The organization stated that they actively work towards minimizing the use of personal data when training AI systems, such as ChatGPT. Their intention is for their AI systems to acquire knowledge about the world, rather than individual’s private information.
Furthermore, the organization believes that implementing regulations for AI is crucial. Therefore, they eagerly anticipate working closely with the Garante, and educating them on the development and application of their systems.
OpenAI expresses their enthusiasm in reinstating ChatGPT availability in Italy, promising to do so in the near future.