The other day, I told you Bing Chat getting ads will finally start the ChatGPT privacy conversation we need to have. And it looks like I was wrong. Regulators were already looking into generative AI chatbots’ privacy practices. An Italian regulator has now ordered a ban on OpenAI’s ChatGPT in the country over privacy concerns.
This ban isn’t like the early ChatGPT bans from schools that wanted to prevent students from cheating on exams. This time it’s different, and it’s not surprising. As amazing as AI chatbots might be, we need clear, strong privacy practices in place. Companies like OpenAI, Microsoft, and Google will eat up tons of data to train their ChatGPT and other AI products. Right now, it’s open season on user data, and no one knows exactly where ChatGPT and similar AI solutions are collecting it from.
Italy’s Data Protection Authority (GPDP) ordered an immediate ban of ChatGPT in the region, saying OpenAI collects personal data unlawfully. Furthermore, OpenAI doesn’t have age verification in place. This makes the chatbot available to internet users under the age of 13.
The press release cites different aspects of OpenAI’s handling of user data. On the one hand, there’s the data breach that affected ChatGPT conversations and payment information. On the other hand, there’s OpenAI’s user data collection, including the massive collection of data for training the ChatGPT algorithms.
Here’s a snippet from a Google translation of the Italian-language press release:
A data breach affecting ChatGPT users’ conversations and information on payments by subscribers to the service had been reported on 20 March. ChatGPT is the best known among relational AI platforms that are capable to emulate and elaborate human conversations.
In its order, the Italian SA highlights that no information is provided to users and data subjects whose data are collected by Open AI; more importantly, there appears to be no legal basis underpinning the massive collection and processing of personal data in order to ‘train’ the algorithms on which the platform relies.
The GPDP also notes that the information ChatGPT provides isn’t always factual and that the service is available to minors.
OpenAI will have to stop making ChatGPT available in the country. The company has 20 days to comply with the order and take additional measures to meet the GDPD’s requirements. The Italian regulator will continue its investigation into ChatGPT. OpenAI risks fines of up to €20 million ($21.78 million) or 4% of its annual turnover.
I wouldn’t be surprised to see other privacy watchdogs, especially from European Union countries, go after ChatGPT and other AI chatbots in the near future. The EU has strong privacy laws in place that all tech products must enforce. That includes generative AI products. It’ll also be interesting to see what happens with Bing Chat and Google Bard in the EU when it comes to user privacy.