The order, which was issued on 31 March, follows a recent data breach affecting users’ chat histories and payment information.
ChatGPT (owned by OpenAI, a US company) has quickly become a household name and is known for abilities such as impressive content-rich responses to everyday questions, achieving outstanding results in exams and putting together compelling marketing pitches.
However, in order to operate, the powerful tool processes massive quantities of personal data, and the Garante has cited the following concerns:
This resolution follows an open letter that was published on 28 March 2023 calling on ‘all AI labs to immediately pause for at least 6 months the training of AI systems more powerful than GPT-4.’ This letter was signed by individuals such as Elon Musk and Steve Wozniak (Apple co-founder) and other interested parties including AI experts.
With this pressure from both the regulator and the industry, we may start to see a slowdown in the rapid pace implementation of AI tools.
OpenAI has 20 days from the date of the order to communicate to the Garante what measures it has taken to implement the Garante’s suggestions. If it fails to do so it could face GDPR levels of fine (up to EUR 20 million or up to 4% of annual global turnover).
For more information about employee data privacy