"Italy’s data protection authority has fined ChatGPT maker OpenAI a fine of €15 million ($15.66 million) over how the generative artificial intelligence application handles personal data.

The fine comes nearly a year after the Garante found that ChatGPT processed users’ information to train its service in violation of the European Union’s General Data Protection Regulation (GDPR).

The authority said OpenAI did not notify it of a security breach that took place in March 2023, and that it processed the personal information of users to train ChatGPT without having an adequate legal basis to do so. It also accused the company of going against the principle of transparency and related information obligations toward users.

“Furthermore, OpenAI has not provided for mechanisms for age verification, which could lead to the risk of exposing children under 13 to inappropriate responses with respect to their degree of development and self-awareness,” the Garante said.

Besides levying a €15 million fine, the company has been ordered to carry out a six-month-long communication campaign on radio, television, newspapers, and the internet to promote public understanding of how ChatGPT works.

This specifically includes the nature of data collected, both user and non-user information, for the purpose of training its models, and the rights that users can exercise to object, rectify, or delete that data."

#AI #GenerativeAI #EU #Italy #OpenAI #DataProtection #Privacy #ChatGPT