02 Apr 2023 By theguardian
Italy's privacy watchdog has banned ChatGPT, after raising concerns about a recent data breach and the legal basis for using personal data to train the popular chatbot.
The Italian Data Protection Authority described the move as atemporary measure "until ChatGPT respects privacy". The watchdog said it was imposing an "immediate temporary limitation on the processing of Italian users' data" by ChatGPT's owner, the San Francisco-based OpenAI.
OpenAI said on Friday it had disabled ChatGPT in Italy and that it complies with the EU's General Data Protection Regulation (GDPR).
"We are committed to protecting people's privacy and we believe we comply with GDPR and other privacy laws," said an OpenAI spokesperson, who added that the company limits the use of personal data in systems such as ChatGPT.
"We actively work to reduce personal data in training our AI systems like ChatGPT because we want our AI to learn about the world, not about private individuals."
ChatGPT has been a sensation since its launch last November due to its ability to generate plausible-sounding responses to questions, as well as creating an array of content including poems, academic essays and summaries of lengthy documents when prompted by users.
It is powered by a groundbreaking artificial intelligence system that is trained on a vast amount of information culled from the internet.
The Italian watchdog cited concerns about how the chatbot processed information in its statement.
It referred to "the lack of a notice to users and to all those involved whose data is gathered by OpenAI" and said there appears to be "no legal basis underpinning the massive collection and processing of personal data in order to 'train' the algorithms on which the platform relies".
The Italian watchdog also referred to a data breach suffered by OpenAI on 20 March, which partly exposed conversations and some users' personal details including email addresses and the last four digits of their credit cards.
The regulator said ChatGPT faced a loss of data "regarding the conversations of users and information related to the payment of the subscribers for the service". At the time OpenAI apologised and said it would "work diligently to rebuild trust".
The regulator also appeared to refer to ChatGPT's propensity for inaccurate answers, stating that "the information made available by ChatGPT does not always match factual circumstances, so that inaccurate personal data are processed".
Finally, it noted that "a lack of age verification exposes children to receiving responses that are absolutely inappropriate to their age and awareness, even though the service is allegedly addressed to users aged above 13 according to OpenAI's terms of service".
The Italian watchdog said OpenAI must report to it within 20 days on what measures it has taken on ensuring the privacy of users' data or face a fine of up to either Ă˘â€šÂ¬20m (£17.5m) or 4% of annual global revenue. OpenAI has been contacted for comment.
OpenAI, which developed ChatGPT, did not immediately return a request for comment on Friday.
The move is unlikely to affect applications from companies that already have licences with OpenAI to use the same technology driving the chatbot, such as Microsoft's Bing search engine.
The CEO of OpenAI, Sam Altman, announced this week that he is embarking on a six-continent trip in May to talk about the technology with users and developers.
That will include a stop planned for Brussels, where European Union lawmakers have been negotiating sweeping new rules to limit high-risk AI tools.