Written by Haim Ravia and Dotan Hammer
The European Data Protection Board (EDPB) has announced the establishment of a dedicated task force for ChatGPT. Some see this as the EU’s first step towards creating a comprehensive privacy policy on artificial intelligence. The purpose of the task force is to promote cooperation and information sharing regarding enforcement action by data protection authorities of the member states of the European Union. According to one of the European Union’s data protection authorities, the goal of the task force is to create a general policy on the subject that will affect not only OpenAI but artificial intelligence in general.
In late March, the Italian data protection authority ordered OpenAI to temporarily block the processing of the personal data of Italians by ChatGPT. The order was issued amid concerns about the violation of data protection laws in Italy and a data breach incident reported on March 20, which included conversations with ChatGPT users and information about payments by subscribers to the service.
The authority in Italy emphasized that OpenAI does not inform users and data subjects whose data is processed by OpenAI, and there is concern that there is no legal basis for the massive collection and processing of personal information to “train” the algorithms on which the platform is based. The authority in Italy also believes that the information produced by ChatGPT is not always accurate, leading to the use of inaccurate personal information on data subjects. In addition, ChatGPT does not include a mechanism to verify the user’s age and may provide children with inappropriate answers for their age and level of awareness. According to the terms of use, ChatGPT is intended for users over the age of 13 only.
In response to the Italian data protection authority’s demand to comply with the directive within 20 days, OpenAI blocked access to the service for users from Italy and refunded the payments of Italians who purchased a subscription in March. OpenAI stated that it is committed to the privacy of its users and believes that ChatGPT operates in compliance with the GDPR and other privacy laws.
In late April, OpenAI announced that it has “addressed or clarified the issues” that the Italian data protection authority had raised, and that “ChatGPT is available again to our users in Italy”.
Click here to read the press release of the European Data Protection Board.
Click here to read the statement of the Italian data protection authority banning ChatGPT.