Italy’s Garante imposes and then withdraws a ban on ChatGPT
On 28 April, the Garante, Italy’s Data Protection Authority, announced that it had reinstated ChatGPT in Italy because the company had cooperated in responding to the Garante’s concerns expressed in an Order dated 11 April.
On 31 March, the Garante imposed a temporary ban on Open AI’s ChatGPT. The regulator took action after having received a report on 20 March that a data breach had occurred affecting ChatGPT users’ conversations, and information on payments by subscribers.
When announcing an immediate temporary limitation on the processing of Italian users’ data by OpenAI, the US-based company developing and managing the platform, the Garante based its decision on:
- lack of information provided to users and data subjects whose data is collected by Open AI; and
- an insufficient legal basis underpinning the massive collection and processing of personal data in order to ‘train’ the algorithms on which the platform relies.
At the same time, the Garante launched an enquiry into the ChatGPT Service and the discussion with OpenAI is continuing.
The regulator overturned its initial ban as OpenAI responded to many of the Garante’s objections and applied them to its service across Europe.