OpenAI Fined €15M in Italy for Violating ChatGPT Transparency Rules
Italy’s data agency fined OpenAI €15 million for using personal data to train ChatGPT without a proper legal basis, violating transparency regulations. The investigation is now closed.
On Friday, Italy’s data protection agency said that OpenAI had been fined 15 million euros ($15.58 million) for using personal data. The investigation into how the generative AI app used data was over.
The authority imposed the fine after discovering that OpenAI “trained ChatGPT without having a sufficient legal basis and in violation of the principle of transparency and the related information obligations towards users.” The OpenAI company called the decision “unfair,” and they will appeal.
The investigation, which began in 2023, also found that the U.S. company did not have a good enough system to ensure that children younger than 13 were not seeing inappropriate content made by AI, the authority said.
The Italian watchdog also told OpenAI to run a six-month campaign in Italian media to teach people how ChatGPT works, especially how it collects data on users and people who don’t use it to train algorithms.
Garante, Italy’s government agency, is one of the most proactive in the European Union regarding whether AI platforms follow the bloc’s rules on data privacy. Last year, Italy temporarily banned the use of ChatGPT due to concerns that it violated EU privacy regulations.
OpenAI Resolves Data Privacy Issues, Restores Service
Microsoft-backed OpenAI fixed issues with things like users’ rights to refuse the use of personal data for algorithm training, leading to the reactivation of the service.
“They’ve since recognized our industry-leading approach to protecting privacy in AI, yet this fine is nearly twenty times the revenue we made in Italy during the relevant period,” OpenAI stated, adding that Garante’s strategy “undermines Italy’s AI ambitions.”
For its 15-million-euro fine, the government said it took OpenAI’s “cooperative stance” into account. This suggests the fine could have been even bigger. This year, the EU passed the General Data Protection Regulation (GDPR). A company that violates the rules faces a fine of up to 20 million euros, equivalent to 4% of its global turnover.
