Italy fines OpenAI $15M over data protection, privacy breaches
Italy's data protection agency has fined OpenAI approximately $15.7 million (15 million euros) and instructed the company to conduct a six-month public awareness campaign following a data collection investigation related to its AI model, ChatGPT. The Italian Data Protection Authority (IDPA) reported that OpenAI failed to notify them of a data breach in March 2023 and improperly processed users' personal data without establishing a sufficient legal basis, violating user transparency obligations. The IDPA noted a lack of adequate age verification systems, which could expose minors under 13 to inappropriate content. Thus, OpenAI must run an information campaign emphasizing user data rights, including opposition, rectification, and cancellation options under the European Union's General Data Protection Regulation (GDPR). The fine's amount was reduced due to OpenAI's cooperative approach during the investigation, during which the company relocated its European headquarters to Ireland, where the Irish Data Protection Authority becomes the lead in any continued inquiries.
Source 🔗