OpenAI has recently resumed its ChatGPT service in Italy after implementing new privacy controls to address concerns raised by the country’s data protection authority, Garante. The changes aim to ensure compliance with the European Union’s General Data Protection Regulation (GDPR), although the investigation into ChatGPT’s adherence to the GDPR in Italy is still ongoing.
Last month, Garante ordered a temporary stop-processing order on ChatGPT, citing concerns over potential breaches of EU data protection laws. OpenAI temporarily disabled the service for users with Italian IP addresses. After receiving a list of measures from Garante, OpenAI implemented changes such as age-gating, amendments to the legal basis for processing local users’ data, and expanded information for European and non-users.
Changes and regulations to allow ChatGPT to be back in Italy
Despite these changes, it remains unclear whether OpenAI’s efforts will resolve all the GDPR concerns raised. The legal basis for OpenAI’s processing of personal information in the past when the company was not transparent about its data usage remains a critical question.
In a help center article, OpenAI asserts that it processed personal data to train ChatGPT but claims it did not actively seek out personal information for training purposes. The company cites legitimate interests as its legal basis for collecting and using personal data in accordance with privacy laws like the GDPR.
The Italian DPA has acknowledged OpenAI’s efforts to comply with European data protection legislation but emphasizes that the investigation into the company’s compliance with GDPR is still ongoing. OpenAI is expected to implement an age verification system and conduct a local information campaign to inform Italians about their data processing and their right to opt out.