Italy bans ChatGPT over privacy concerns

Move prompted by a recent data breach that exposed the personal information of ChatGPT users

Italy's privacy watchdog bans ChatGPT over privacy concerns

Image:
Italy's privacy watchdog bans ChatGPT over privacy concerns

Italy's data protection authority has temporarily banned the use of ChatGPT, a popular AI service from Microsoft-backed OpenAI, in the country while it investigates the US company's collection of personal data during a recent cybersecurity breach, among other concerns.

The move reflects a growing concern among policymakers and experts about the potential risks posed by AI services and their voracious appetite for user data.

The ban was prompted by a recent breach that exposed the personal information of ChatGPT users, including their names, addresses, credit card types and expiration dates.

"A data breach affecting ChatGPT users' conversations and information on payments by subscribers to the service had been reported on 20 March," the watchdog said.

"In its order, the Italian SA highlights that no information is provided to users and data subjects whose data are collected by Open AI; more importantly, there appears to be no legal basis underpinning the massive collection and processing of personal data in order to 'train' the algorithms on which the platform relies," it added.

The regulator also criticised OpenAI's failure to implement a filter to prevent children under 13 from using the service, exposing them to inappropriate content.

According to the privacy watchdog, the ban has come into force with immediate effect, bringing a "temporary limitation of the processing of Italian users' data vis-à-vis [ChatGPT's creator] OpenAI."

The regulator has directed the US firm to respond within 20 days about the actions taken to remedy this situation.

If the company fails to provide those details within the deadline, it may be subject to a fine of as much as €20 million.

"We have disabled ChatGPT for users in Italy at the request of the Italian Garante [the data protection authority]. We are committed to protecting people's privacy and we believe we comply with GDPR and other privacy laws," a spokesperson for OpenAI said.

The ban marks the first regulatory measure taken against ChatGPT, as policymakers worldwide endeavour to address the emergence of generative AI services.

Last week, more than 1,000 AI experts, researchers and professionals requested an immediate pause in the development of "giant" AIs for a minimum of six month amid concerns that companies such as OpenAI are developing increasingly powerful "digital minds" that no one can predict or reliably control.

Also last week, the Europol raised concern regarding the possible criminal use of ChatGPT, warning that such services have the potential to make a wide range of unlawful activities easier to commit.

OpenAI's ChatGPT has become one of the most popular chatbots in recent months, and one of the world's fastest-growing applications. It quickly gained worldwide attention after its release in November last year for its ability to mimic human-like interactions and hold engaging conversations.

Earlier this month, OpenAI unveiled GPT-4, claiming that it is more dependable, innovative and capable of processing significantly more complex commands than its predecessor, GPT-3.

ChatGPT's popularity has forced other tech firms to develop their own proprietary instruction-following models. Last month, Google announced its AI chatbot technology, "Bard", which it says will provide "fresh, high-quality responses" to users' queries by drawing on information from the web.

Commenting on the ChatGPT ban in Italy, Jake Moore, global cybersecurity advisor at ESET, said: "It is important to note that any information shared with ChatGPT during a conversation could potentially be stored and analysed by OpenAI.

"It is the responsibility of the company to ensure that safety measures are put in place to protect user privacy and comply with data protection regulations, however this is the grey area for many regions and countries. Furthermore, it is always recommended to exercise caution when sharing information online, especially personal information, regardless of the platform or service being used."

Dan Morgan, senior government affairs director, Europe & APAC at SecurityScorecard, noted: "The ban on ChatGPT in Italy due to data protection concerns underscores the importance of regulatory compliance for companies operating in Europe.

"To be successful in this region, businesses must prioritise the protection of personal data and comply with the stringent data protection regulations set forth by the European Union. Failure to do so not only results in legal consequences but also erodes consumer trust and can damage a company's reputation.

"As ChatGPT's ban shows, compliance with regulations is not an optional extra, but a fundamental requirement for doing business in Europe."