OpenAI Ordered to Launch Public Awareness Campaign
In a recent development, Italy’s data protection agency, the Garante, has fined OpenAI 15 million euros ($15.7 million) and ordered the ChatGPT maker to launch a six-month public awareness campaign. The Italian Data Protection Authority (IDPA) conducted an investigation into the firm’s flagship artificial intelligence model and found several violations of the European Union’s General Data Protection Regulation (GDPR).
Investigation Findings
The IDPA’s investigation, which began in March 2023, revealed that OpenAI did not notify the agency about a data breach in March 2023. The watchdog also found that OpenAI processed users’ personal data to train ChatGPT without first identifying an adequate legal basis for the action. This violation of the principle of transparency and related information obligations toward users has resulted in the significant fine.
Adequate Age Verification Mechanisms
The IDPA investigation further revealed that OpenAI did not have adequate age verification mechanisms to prevent underage people from using its services. This is particularly concerning, as minors under 13 may be exposed to responses that are unsuitable for their level of development and self-awareness.
IDPA’s Statement on Investigation Findings
Furthermore, OpenAI has not provided mechanisms for age verification, with the consequent risk of exposing minors under 13 to responses that are unsuitable for their level of development and self-awareness.
Corrective and Sanctioning Measures
As part of its corrective and sanctioning measure, the IDPA has ordered OpenAI to conduct a six-month public awareness campaign across various media platforms. The campaign aims to promote public understanding and awareness of the functioning of ChatGPT, including:
- Data collection from users and non-users: OpenAI must inform users about how their data is being collected for the training of generative artificial intelligence.
- Rights exercisable by interested parties: Users must be aware of their rights to oppose the training of generative AI with their data and exercise their rights under the GDPR.
GDPR Fines
Companies that violate the GDPR can face significant fines, up to $20 million or 4% of their global turnover. However, OpenAI’s collaborative attitude during the investigation has reduced the fine’s size.
OpenAI’s European Headquarters Relocation
During the investigation, OpenAI moved its European headquarters to Ireland. The IDPA stated that its Irish counterpart, the Irish Data Protection Authority (DPC), has become the lead supervisory authority in continuing any investigations.
Related News
- OpenAI apologizes for outage after Apple update combines Siri and ChatGPT: Read more about OpenAI’s recent apology for an outage caused by an Apple update.
- Italy becomes first Western country to temporarily block ChatGPT over privacy concerns: Learn more about Italy’s decision to temporarily block ChatGPT due to privacy concerns.
Conclusion
The IDPA’s investigation and subsequent fine serve as a reminder of the importance of data protection in the development and deployment of artificial intelligence models. OpenAI must now launch a public awareness campaign to inform users about their rights and how their data is being used. The company must also ensure that it has adequate age verification mechanisms in place to prevent underage people from using its services.
Future Developments
The IDPA’s investigation began in March 2023, and the agency reached its conclusion after considering the Dec. 18 European Data Protection Board (EDPB) opinion on using personal data to develop and deploy AI models. It will be interesting to see how OpenAI implements the corrective measures ordered by the IDPA and whether this development has a significant impact on the company’s operations.
Subscribe to Our Crypto Biz Newsletter
Stay up-to-date with the latest news and trends in blockchain and crypto. Gain valuable insights to navigate the market and spot financial opportunities. Delivered every Thursday.
