Italy’s data protection authority, the Garante, has imposed a €15 million ($15.66 million) fine on OpenAI, the maker of ChatGPT, for violating the European Union‘s General Data Protection Regulation (GDPR). The fine follows a ruling that OpenAI processed personal data to train its AI models without obtaining proper consent or having a legal basis to do so. The authority also cited OpenAI’s failure to notify authorities about a data breach that occurred in March 2023, further exacerbating the violation. The company has been accused of not being transparent with users about its data collection practices, which is a core principle under GDPR.
The fine also addresses OpenAI’s failure to implement age verification mechanisms for its platform, leaving children under 13 at risk of exposure to inappropriate content. This lack of safeguards, according to the Garante, highlights a significant vulnerability in how OpenAI operates its service, potentially endangering younger audiences who may interact with the AI without proper oversight.
In addition to the monetary fine, the Garante has ordered OpenAI to conduct a six-month public awareness campaign. This campaign will educate users on how ChatGPT collects and uses personal data, including both user and non-user information. It will also explain users’ rights under GDPR, such as the ability to object to, rectify, or delete personal data, and inform the public about how generative AI models work. This campaign will span across radio, television, newspapers, and the internet.
OpenAI has expressed dissatisfaction with the fine, calling it disproportionate. The company has stated that it intends to appeal, noting that the penalty is nearly 20 times the revenue OpenAI generated in Italy during the period in question. Despite the fine, OpenAI reiterated its commitment to offering AI services that comply with privacy regulations and respect users’ rights. The ruling follows previous actions, including Italy’s temporary ban on ChatGPT in March 2023, which was lifted after OpenAI addressed the concerns raised by the Garante.
