OpenAI finally received a primary to-do list to get the ChatGPT ban lifted in Italy. The data protection watchdog of the country has updated OpenAI on what it needs to do to get over the suspension that ChatGPT received at the end of March. It’s being said that this AI language module breached the European Union’s General Data Protection Regulation (GDPR). Given this allegation, Italy’s data protection department banned OpenAI’s ChatGPT, preventing the tool from processing locals’ data.
OpenAI, however, took the order seriously and implemented geoblocking to prevent Italian users from accessing ChatGPT. The CEO of OpenAI, Sam Altman, posted a confirmation tweet after halting ChatGPT’s services in Italy. In the said tweet, the CEO mentioned that they are abiding by all privacy laws.
The Garante’s Take
Italy’s Garante believes that large AI language models like GPT need to scrutinize a vast pool of data. Thus, it is bound to adhere to the EU’s GDPR since it applies whenever personal data is processed. Given this, the new compliance guidelines of the Italian watchdog have asked OpenAI to publish a transparent information notice briefing its data processing.
ChatGPT will have to provide users with access to objects to OpenAI’s data processing methodology for training its algorithms.
Furthermore, the tool must implement age-gating technology and other age-verification methods to prevent minors from using it. In addition, OpenAI needs to come up with a clarification about the legal basis that it claims to rely on when processing people’s data to train its AI.
The regulator doesn’t permit OpenAI to rely on the performance of a contract. As such, the AI will have to choose between legitimate interests or consent.
The guidelines also state that ChatGPT will have to offer ways for non-users and users to exercise rights over their personal data. It will include the correction permission for disinformation generated by the tool.
The organization also needs to conduct a local awareness campaign to inform the citizens of Italy that its AI intelligence model will process their information for training purposes.
The Italian watchdog has given a stipulated deadline to OpenAI for implementing the said conditions. The organization will have to implement most of the suggested corrections by 30th April 2023. However, the proposed television, radio, and internet awareness campaign has received a little relaxed timeline – 15th May 2023.
The proposed age-gating child safety technology implementation is also needed to be integrated at the earliest.
Presently, the authority has granted time up to 31st May 2023 to submit a plan for the age verification integration, designed to filter out under-aged users (below 13). Users from 13-18 will have to obtain parental control for using ChatGPT. The authority expects the systems to be placed within 30th September 2023.
The Garante has further narrowed down two alternatives that OpenAI will have to work on. First, the organization must stipulate that it will immediately wipe off all references to the performance of a contract to maintain an accountable alignment with the GDPR’s principles. Next, OpenAI will have to cite all of the grounds suggested by the Italian security authority to maintain adherence to the contract to continue providing services like ChatGPT.
This will be without prejudice to exercise the SA’s investigation and enforcement powers in this respect.The Italian Garant
It seems that Garante has designed the measures to prevent the chances of data breaching caused by artificial intelligence models like ChatGPT. OpenAI, however, hasn’t disclosed yet how its organization is going to address this issue and how soon it will be implementing the suggested security measures.