Latest News, Updates, Tutorials and much more

Blog

Italy Bans ChatGPT Over Data Privacy Concerns

Italy Bans ChatGPT over Data Privacy Concerns

ChatGPT was launched publicly on November 30, 2022, by OpenAI. On March 31, 2023, Italy’s data regulator Garante temporarily banned ChatGPT over data security concerns. France, Germany, and Ireland could follow in Italy's footsteps.

What is ChatGPT?

ChatGPT is an artificial intelligence (AI) chatbot developed by San Francisco–based OpenAI, that can generate outstandingly human responses to text queries. It uses the generative pre-trained transformer (GPT) family of language models. ChatGPT uses both supervised learning as well as reinforcement learning and human trainers to improve the model's performance. Immediately after its release, ChatGPT became extremely popular in many countries.

Much data is needed to train the large language model. Any available data could be scraped from the web, social network posts, books, and other means to create the generative text system. Some of the data collected is the personal information you share about yourself online. In Europe, differently from the US, publicly available personal information is still considered personal information which belongs to individuals. This data is now making problems for OpenAI.

Previously, artists and media companies have complained that generative AI developers have used their graphical work without permission.

Italy Banned ChatGPT over Data Privacy Concerns

In Europe, citizens’ personal data is protected by the General Data Protection Regulation (GDPR), which is incorporated into national data protection laws of all European Economic Area countries. Compliance with the law is regulated by national data protection authorities.

While European parliamentarians disagree over the content and reach of the EU AI Act, some regulators say that existing laws, like GDPR, that give users control over their personal information, can apply to the rapidly emerging generative AI companies.

The Italian data privacy regulator Garante per la Protezione dei Dati Personali accused OpenAI of failing to check the age of ChatGPT users and the absence of any legal basis that justifies the massive collection and storage of personal data to train the chatbot.

Italy’s Garante found four problems that ChatGPT violates under the GDPR:

  1. It doesn’t have age control and parental consent systems, so children under the age of 13 could use ChatGPT.
  2. It can provide information about people that is inaccurate or even untrue.
  3. People haven’t been informed about their data was collected.
  4. There is no legal basis for collecting individuals’ personal information massively to train ChatGPT.

OpenAI has no offices in the European Union. It has not responded to regulators, instead, OpenAI has taken ChatGPT offline in Italy on March 31. The company also did not respond to questions for other European regulators regarding potential violations in their countries.

To collect individuals’ personal information in a GDPR-compliant way, there are two options: to inform users about the data collection and get their consent, or to prove that OpenAI has a “legitimate interest” to use individuals’ data. The company did not get users’ consent and even did not inform users about their data collection. It is hard to prove “legitimate interest” for the data collection, and this is not the case where it could be applied. Even if OpenAI’s Privacy Policy relies upon “legitimate interests” when it “develops” its service, the Privacy Policy doesn’t explain its legal reasons for using individuals’ personal information in the training process.

Not all decision-makers are in favor of the ban. Italy’s transport minister and leader of the League party, Matteo Salvini, called the ban “hypocritical” and “disproportionate”.

Italy is the first European country to ban a chatbot powered by artificial intelligence. And most probably not the last. Privacy regulators in France, Ireland, and Germany have reached out to Italy’s regulator to find out more about the basis of the ban. They could follow up with the Italian Garante. "We will coordinate with all EU data protection authorities in relation to this matter:” a spokesperson for Ireland's Data Protection Commissioner said.

Need to be GDPR compliant? Choose CookieScript Consent Management Platform, and we will take care of your website's GDPR and other privacy laws' compliance issues!

GPT-4, Google’s Bard, and Future of Chatbots Regarding Privacy Issues

Unlike GPT-3, OpenAI has not revealed any details of the training data that was used for GPT-4. It is believed the collected data is several times larger. However, GPT-4’s technical paper has a section on privacy, which says its training data may comprise “publicly available personal information.”  OpenAI takes steps to protect people’s privacy, stopping individuals from asking for personal information and removing personal information from training data where possible.

While the Italian regulator has only blocked ChatGPT so far, other AI platforms such as Google Inc's Bard could face similar data privacy troubles. Unlike OpenAI, Google is more likely to take that into account because of its history in Europe, the size of the company, and previous violations of the DGPR, followed by fines.

The EU is developing AI regulations, but so far there has been little action regarding AI and privacy. It is believed that the Italian ban on ChatGPT will force other generative AI developers to consider privacy issues at the initial stages of products development, including training of the systems.

Use CookieScript Consent Management Platform, which is easy to use and complies with major privacy regulations like GDPR, CCPA, and others.

Frequently Asked Questions

What is ChatGPT?

ChatGPT is an artificial intelligence (AI) chatbot developed by San Francisco–based OpenAI, that can generate outstandingly human responses to text queries. It uses the generative pre-trained transformer (GPT) family of language models. ChatGPT became extremely popular in many countries.

Why did Italy ban ChatGPT?

Italy’s Garante found four problems that ChatGPT violates under the GDPR: it doesn’t have age control and parental consent systems, so children under the age of 13 could use ChatGPT; it can provide information about people that is inaccurate or even untrue; people haven’t been informed about their data was collected; and there is no legal basis for collecting individuals’ personal information massively to train ChatGPT. Use CookieScript to comply with the GDPR and other privacy laws.

Which countries banned ChatGPT?

Italy is the first European country to ban ChatGPT over data privacy concerns. France, Germany, and Ireland could follow in Italy's footsteps. Use CookieScript to comply with the GDPR and other privacy laws.

Is ChatGPT allowed in China?

Despite being blocked by China's government, ChatGPT has become increasingly popular among Chinese users accessing the site via virtual private networks (VPNs) and other roundabout methods. Use CookieScript Consent Management Platform to comply with major privacy laws around the globe.

Is ChatGPT available on Android?

No, OpenAI doesn't offer an official Chat GPT app for Android. It could be only accessed on a PC by going to chat.OpenAI.com and logging in.

New to CookieScript?

CookieScript helps to make the website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.