This is according to the Italian data protection agency Garante, which said ChatGPT collects data in a way that is incompatible with Italian and European data protection laws. This comes about a month after Italy banned ChatGPT, becoming the first country in the Western world to block the advanced chatbot over privacy issues. (Related: Italy bans ChatGPT over privacy concerns.)
Garante said ChatGPT has been scraping people's names and email addresses and using this data without their consent. The privacy watchdog gave OpenAI, the owner of ChatGPT, until April 30 to comply with the law. To this end, Italy laid out several requirements for OpenAI to continue operating the chatbot.
First, OpenAI must publish an information notice detailing how it scrapes and processes data; second, ChatGPT must create an age verification process to prevent minors from accessing the chatbot; third, ChatGPT must provide sufficient proof that the chatbot has a "legitimate interest" for processing people's data; and fourth, OpenAI must conduct a local awareness campaign to properly inform Italians about how ChatGPT uses their data and must give users in the country ways to correct mistakes about them that the chatbot writes down, to have their data erased if they so choose and to object to letting the chatbot use their data.
If OpenAI does not respond to Garante by April 30, it will pay a fine of 20 million euros ($21.94 million) or up to four percent of the company's annual revenue, which means the company might pay up to $40 million.
All eyes are now on OpenAI's arguments to the Italian data protection authorities. If the company is unable to convince Garante that its data usage practices are legal, this could lead to a domino effect. Enforcement of the European Union's General Data Protection Regulation, the world's strictest data protection law, could mean the banning of ChatGPT in multiple other European countries.
Privacy regulators in France and Ireland have already contacted their counterparts in Italy to gain more insight into the nation's rationale for its ban on ChatGPT.
"We will collaborate with all EU data protection authorities regarding this issue," said a spokesperson for Ireland's Data Protection Commission.
In Germany, the Federal Commission for Data Protection and Freedom of Information has expressed concerns over data security and has hinted that the country might pass its own restrictions on ChatGPT.
The EU's own European Data Protection Board has already set up a task force to investigate ChatGPT, an important first step for the bloc toward creating a common continent-wide policy on setting privacy rules on artificial intelligence. The task force was created following a request from Spain's own data protection agency for some kind of bloc-wide intervention.
The effects of ChatGPT's data scraping may also extend outside of the European Union. In Latin America, for example, the Senate of Brazil has recommended the passage of measures to protect citizens' rights and to lay out proper measures for informing individuals when they are interacting with AI systems. The proposal includes provisions for the protection of personal data and for non-discrimination systems to be implemented.
Learn more about artificial intelligence programs like ChatGPT at Computing.news.
Watch this video discussing whether ChatGPT has already been corrupted.