Garante, the Italian data protection regulator, has outlined the steps OpenAI must take to revoke an order imposed on ChatGPT which includes mandating increased transparency and age verification measures to protect user privacy.
The directive was issued in March of 2023. The watchdog suspected the artificial intelligence (AI) chatbot service of violating the General Data Protection Regulation (GDPR) of the European Union and ordered the U.S.-based company to cease processing the data of EU citizens.
The regulator’s press release stipulates that OpenAI must increase its transparency and publish a detailed notice describing its data processing practices. In addition, the statement mandates that OpenAI promptly implement age-gating measures to prevent access to its technology by minors and adopt more stringent age verification procedures.
OpenAI must specify the legal justifications for processing personal data in order to train its artificial intelligence and cannot rely on contract performance.
This means that OpenAI must decide whether to obtain user consent or rely on legitimate interests. OpenAI’s current privacy policy specifies three legal bases. Still, the performance of a contract is given greater weight when providing services such as ChatGPT.
In addition, OpenAI must enable users and non-users to exercise their rights to their data, such as requesting corrections for any inaccurate information generated by ChatGPT or deleting their data.
In addition, the regulatory agency required OpenAI to enable users to object to the data being used to train its algorithms. In addition, OpenAI is needed to conduct an awareness campaign in Italy to inform individuals that their data is being used to train its artificial intelligence systems.
Garante has set April 30 as the deadline for OpenAI to complete the majority of these duties. OpenAI has been granted additional time to meet the extra demand of migrating from the current age-gating child safety technology to a more robust age verification system.
OpenAI has until May 31 to submit a proposal outlining the implementation of age verification technology that excludes users younger than 13 (and those aged 13 to 18 who have not obtained parental consent). September 30 is the deadline for deploying this more resilient system.
Microsoft-backed OpenAI took ChatGPT inactive in Italy on March 31 in response to concerns raised by the national data protection agency regarding potential privacy violations and failure to verify the age of users.