Italy’s privacy Guarantor bans ChatGPT with immediate effect as it investigates its data privacy procedures. Credit: ProductionPerig/Shutterstock Italy’s data privacy regulator has banned ChatGPT over alleged privacy violations relating to the chatbot’s collection and storage of personal data. With immediate effect, the Guarantor for the protection of personal data has ordered the temporary limitation of the processing of data of Italian users by ChatGPT parent firm OpenAI until it complies with EU General Data Protection Regulation (GDPR) privacy laws. It has also launched an investigation into ChatGPT, the Guarantor said. The ban comes in the wake of an open letter in which Twitter owner Elon Musk and a group AI industry executives called for a six-month pause in developing systems more powerful than OpenAI’s newly launched GPT-4, citing potential risks to society.ChatGPT lacks “legal basis” for mass collection, storage of personal dataIn the provision, the privacy Guarantor noted the lack of information to users and all interested parties whose data is collected by OpenAI, along with the absence of a legal basis that justifies the mass collection and storage of personal data for the purposes of training the algorithms underlying the operation of the platform.“As evidenced by the checks carried out, the information provided by ChatGPT does not always correspond to the real data, thus determining an inaccurate processing of personal data,” it added. What’s more, the Authority pointed out the absence of a filter for verifying the age of users, exposing minors to “unsuitable answers” compared to their degree of development and self-awareness. According to the terms published by OpenAI, the service is aimed at people over the age of 13.“OpenAI, which does not have an office in the Union [EU] but has designated a representative in the European Economic Area, must communicate within 20 days the measures undertaken in implementation of what is requested by the Guarantor, under penalty of a fine of up to 20 million euros or up to 4% of the annual global turnover,” the privacy Guarantor wrote. Last week, OpenAI confirmed that a bug in an open-source library allowed some ChatGPT users to see titles from another active user’s chat history. The same bug may also have caused the unintentional visibility of payment-related information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window.Update: Italy’s Guarantor to conditionally lift ChatGPT banOn April 12, the Guarantor said it will lift its temporary ban on ChatGPT if OpenAI meets a set of data protection requirements by April 30. The Guarantor ordered that OpenAI will need to comply with measures concerning transparency, the right of data subjects – including users and non-users – and the legal basis for the processing for algorithmic training relying on users’ data. Only in that case will the regulator lift its order that placed a temporary limitation on the processing of Italian users’ data. Among the requirements are:An information notice describing the arrangements and logic of the data processing required for the operation of ChatGPT, along with the rights afforded to data subjectsThe removal of all references to contractual performance and with reliance on either consent or legitimate interest as the applicable legal basis for the processing of users’ personal data for training algorithmsAccessible tools that allow non-users to exercise their right to object to the processing of their personal data as relied upon for the operation of the algorithmsAn age gating system for the purpose of signing up to the serviceAn information campaign through radio, TV, newspapers, and the internet to inform individuals on use of their personal data for training algorithmsThe Guarantor said it will carry on its inquiries to establish possible infringements of the legislation in force and may decide to take additional or different measures if this proves necessary upon completion of the fact-finding exercise already under way. Related content news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO CSO and CISO CSO and CISO news Royal family’s website suffers Russia-linked cyberattack Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine. By Michael Hill Oct 02, 2023 2 mins DDoS Cyberattacks feature 10 things you should know about navigating the dark web A lot can be found in the shadows of the internet from sensitive stolen data to attack tools for sale, the dark web is a trove of risks for enterprises. Here are a few things to know and navigate safely. By Rosalyn Page Oct 02, 2023 13 mins Cybercrime Security news ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations By Lucian Constantin Oct 02, 2023 4 mins Hacker Groups Ransomware Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe