The data protection agency of Italy, also known as the Garante, set out different demands in a list on Wednesday to address its concerns over the services provided by ChatGPT and whether to allow the OpenAI-backed chatbot to run in the country.
Weeks earlier, Microsoft-backed OpenAI took ChatGPT offline in Italy. Soon the authority restricted its personal data processing and started to investigate a matter of breach of privacy.
The Data Protection Agency, Garante presented a list of “concrete” requests to be fulfilled by the end of the current month in an announcement on Wednesday.
When the regulator stated a few days ago that it was going to start an official inquiry into possible GDPR infringements, it instructed OpenAI to put it on hold ChatGPT. In a news declaration clarifying what OpenAI needs to do for it to revoke the ban, it states:
“OpenAI will have to comply by 30 April with the measures set out by the Italian SA [supervisory authority] concerning transparency, the right of data subjects — including users and non-users — and the legal basis of the processing for algorithmic training relying on users’ data. Only in that case will the Italian SA lift its order that placed a temporary limitation on the processing of Italian users’ data, there being no longer the urgency underpinning the order, so that ChatGPT will be available once again from Italy.”
An inquiry for clarification from OpenAI did not receive an immediate reply.
Italy is the initial country in the west of Europe to place restrictions on ChatGPT, despite the reality that the rapid growth of ChatGPT has drawn the interest of legislators and officials in other countries.
A number of experts believe that fresh laws need to be implemented in order to regulate artificial intelligence since it has a chance to affect national security, jobs, and education.
OpenAI is required to explain to Italian users “the methods and logic” behind the data processing that is necessary for ChatGPT to function, as required by the regulatory body.
The watchdog additionally requested that OpenAI offer tools so that individuals whose information has been affected, including non-users, can ask for the rectification of personal information that was produced by the service inaccurately or, in the event that rectification is not achievable, request the removal of the data.
Garante also suggested that OpenAI offer a “simple and accessible way” for non-users to voice objections to the processing of their private information for the sake of using its algorithms.
“OpenAI will have to make available easily accessible tools to allow non-users to exercise their right to object to the processing of their personal data as relied upon for the operation of the algorithms. The same right will have to be afforded to users if legitimate interest is chosen as the legal basis for processing their data,” it added.
A process for verification of age that may stop users under 13 years from using the site was also requested to be implemented by the corporation by the end of September.
Garante stated it was going to look into possible violations of data protection laws by OpenAI and had the authority to impose extra penalties if necessary, once the inquiry was complete.
Other European data watchdogs are taking an interest in the Italian action on ChatGPT and evaluating if stronger regulations for chatbots are required in addition to whether to coordinate.
The privacy regulator of the European Union has been approached by Spain’s data security body to look into concerns about privacy regarding ChatGPT.
Replika, an AI chatbot enterprise, was banned by the Italian authorities from collecting personal information from users in February due to potential risks to kids and other emotionally vulnerable people.