Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

ChatGPT Violated European Privacy Laws, Italy Tells Chatbot Maker OpenAI

Italian regulators told OpenAI that its ChatGPT artificial intelligence chatbot has violated GDPR.

OpenAI GDPR Violation

Italian regulators said they told OpenAI that its ChatGPT artificial intelligence chatbot has violated European Union’s stringent data privacy rules.

The country’s data protection authority, known as Garante, said Monday that it notified San Francisco-based OpenAI of breaches of the EU rules, known as General Data Protection Regulation.

The watchdog started investigating ChatGPT last year, when it temporarily banned within Italy the chatbot that can produce text, images and sound in response to users’ questions.

Based on the results of its “fact-finding activity,” the watchdog said it “concluded that the available evidence pointed to the existence of breaches of the provisions” in the EU privacy rules.

OpenAI has 30 days to reply to the allegations. It didn’t respond immediately to a request for comment. The company said last year that it fulfilled a raft of conditions that the Garante demanded to get the ChatGPT ban lifted.

The watchdog had imposed the ban after finding that some users’ messages and payment information were exposed and because ChatGPT didn’t have a system to verify users’ ages, allowing children to get answers from the AI tool that were inappropriate for their age.

It also questioned whether there was a legal basis for OpenAI to collect massive amounts of data used to train ChatGPT’s algorithms and raised concerns that the system could sometimes generate false information about individuals.

The growing popularity of generative AI systems like ChatGPT are also drawing increasing scrutiny from regulators on both sides of the Atlantic.

Advertisement. Scroll to continue reading.

The U.S. Federal Trade Commission opened an inquiry last week into the relationships between AI startups OpenAI and Anthropic and the tech giants that have bankrolled them — Amazon, Google and Microsoft. Competition regulators in the 27-nation EU and Britain, meanwhile, are also examining Microsoft’s OpenAI investments.

AI systems also face broader oversight in the EU, which is finalizing its groundbreaking AI Act, the world’s first comprehensive rulebook for artificial intelligence. The bloc’s 27 member states are expected to give their approval in a key vote Friday.

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...