Italy Fines OpenAI €15 Million Over ChatGPT Data Privacy Violations

Italy Fines OpenAI €15 Million Over ChatGPT Data Privacy Violations

The Italian Data Protection Authority (GPDP) has imposed a €15 million fine on OpenAI, the developer of ChatGPT, following an investigation into the AI tool’s handling of personal data.

The GPDP found that OpenAI processed users’ personal data to train ChatGPT without obtaining adequate legal consent, violating transparency principles and information obligations under the General Data Protection Regulation (GDPR).

“OpenAI processed personal data without an appropriate legal basis and failed to meet transparency standards towards users,” the authority stated.

The GPDP also highlighted concerns over the platform’s lack of age verification, potentially exposing children under 13 to inappropriate content.

In addition to the fine, OpenAI must conduct a six-month public awareness campaign across radio, television, newspapers, and the Internet. The campaign, in collaboration with the GPDP, will inform the public about how ChatGPT collects and processes personal data, as well as how users can exercise their rights to object, rectify, or delete their information.

“This campaign will ensure that users and non-users are aware of how to prevent their personal data from being used to train AI models, thereby empowering them to assert their GDPR rights,” the GPDP said.

The fine marks the latest in a series of actions by European regulators against tech giants. Earlier this week, Meta was fined €251 million by the Irish Data Protection Commission over a 2018 data breach affecting 29 million Facebook users.

Similarly, the Dutch Data Protection Authority fined Netflix €4.75 million for inadequate transparency in data handling between 2018 and 2020.

Last year, Italy briefly banned ChatGPT, citing privacy concerns. The service resumed after OpenAI addressed key compliance issues, including allowing users to opt out of data collection for AI training.

With tech companies under increasing scrutiny across Europe, this wave of fines underscores the region’s commitment to enforcing stringent data protection laws.