Italy Temporarily Bans ChatGPT

On Friday, March 31st, Italy temporarily banned ChatGPT, becoming the first Western country to do so.

A statement by the Italian data protection authority, GPDP, confirmed the ban and that it is launching an investigation into the company, stating "there appears to be no legal basis underpinning the massive collection and processing of personal data in order to 'train' the algorithms on which the platform relies."

The GPDP also emphasized concerns regarding the lack of an age verification mechanism, as this could potentially expose children to receiving responses that are inappropriate to their age. OpenAI states in its terms of service that it is for ages 13 and over, but there is nothing in place to enforce this.

OpenAI has been ordered to stop processing people's data locally with immediate effect, alluding to concerns that the company is breaching the European Union's General Data Protection Regulation (GDPR). The GDPR applies whenever EU users' personal data is processed, and OpenAI's model has been shown to be heavily analyzing this kind of information.

OpenAI has been given 20 days to respond to the order, backed up by the threat of penalties of €20 million or 4% of its total worldwide annual turnover if it fails to comply.

The ban on ChatGPT in Italy is significant because it represents the first regulatory action against the AI chatbot. In Europe, generative AI technologies currently fall under the broad regulations of the GDPR. However, the EU is preparing the world’s first legislation to govern AI usage in the hopes of better protecting consumers. Companies that violate the policies within this “AI Act” could face fines of up to €30 million or 6% of global annual turnover, whichever is larger.

The call by tech figures like Elon Musk for a six-month pause in developing large-scale AI systems underscores the significant risks that AI poses to society and the need for careful regulation to ensure these risks are managed appropriately.

Italy's ban on ChatGPT will remain until the GPDP investigation determines whether OpenAI is in compliance with GDPR. OpenAI isn’t off to a good start though — it recently experienced a cyber security breach that exposed user conversations and some financial details.