Last month, Garante, Italy’s data protection authority, issued instructions to OpenAI on how to comply with GDPR regulations and revoke an operation-halt order placed on ChatGPT.
The watchdog had raised concerns that the AI chatbot service violated GDPR rules and had ordered OpenAI to stop processing data belonging to Italian residents.
According to the latest directive from the regulator, OpenAI is required to be more transparent by issuing an information notice that comprehensively outlines its data processing protocols. The directive also stipulates that OpenAI must implement more rigorous age-verification procedures and age-gating mechanisms to prevent minors from using its technology.
OpenAI is also mandated to specify the legal justifications it employs for utilizing individual data to train its AI and is prohibited from relying solely on contract fulfillment. Therefore, OpenAI must choose between seeking user consent or depending on legitimate interests.
While OpenAI’s privacy policy currently cites three legal justifications, it appears to place greater emphasis on contract fulfillment when providing services like ChatGPT.
Additionally, OpenAI is required to enable users and non-users to exercise their rights concerning their data, including requesting the correction of any inaccurate information generated by ChatGPT or the deletion of their data.
Furthermore, the regulatory body has demanded that OpenAI allow users to object to the processing of their data to develop its algorithms. OpenAI must conduct a publicity campaign in Italy to alert individuals that their data is being utilized for training its AI system.
Garante has instructed OpenAI to complete most of these tasks by April 30. However, OpenAI has been given more time to fulfill the additional obligation of transitioning from its current age-gating child safety technology to a more robust age verification system.
OpenAI must submit a plan by May 31, 2023, outlining the adoption of age verification technology that can screen out users under 13 (as well as those aged 13 to 18 who have yet to obtain parental authorization). The deployment of this more robust system is scheduled for September 30, 2023.
On March 20, 2023, ChatGPT experienced a data breach that compromised users’ conversations and payment information of paid subscribers, as reported by the Italian National Authority for Personal Data Protection. As a result, the regulatory body temporarily banned the AI product, restricting OpenAI from processing the data of Italian users.
OpenAI announced on April 11, 2023, that it had launched a Bug Bounty Program to identify and address security vulnerabilities in its systems. The primary goal of this initiative is to identify and address security vulnerabilities in OpenAI’s systems while compensating security professionals for their contributions towards securing the company’s technology and operations.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
