ChatGpt: Privacy Guarantor imposes 15 mln fine on data processing

The Garante della privacy closes the investigation into ChatGpt, the conversation software based on artificial intelligence, requiring the developer OpenAI to pay a fine of EUR 15 million and to carry out a six-month information campaign. According to a note, the Garante per la protezione dei dati personali (Garante for the protection of personal data) has closed the investigation that began in March 2023 - and after the EDPB (European Data Protection Board) published its opinion identifying a common approach to some of the most relevant issues relating to the processing of personal data in the context of the design, development and distribution of services based on artificial intelligence - by finding violations regarding the processing of personal data.

According to the Garante, the US company, which created and operates the generative artificial intelligence chatbot, not only failed to notify the Authority of the data breach suffered in March 2023, but also processed users' personal data to train ChatGPT without having first identified an adequate legal basis and violated the principle of transparency and the related information obligations towards users. In addition, OpenAI did not provide mechanisms for age verification, with the consequent risk of exposing children under the age of 13 to responses unsuitable for their level of development and self-awareness.