ChatGPT essay series | Regulators vs ChatGPT - Updated on the latest developments by regulators


The latest development on the Italian case: On 28 April, OpenAI restores the service in Italy to the satisfaction of the Italian Authority for improving transparency and the rights of European and non-European users. OpenAI explained that it had expanded the information to European users and non-users, that it had amended and clarified several mechanisms, and deployed amenable solutions to enable users and non-users to exercise their rights. Based on these improvements, OpenAI reinstated access to ChatGPT for Italian users. Read the authority's press release here.

Italian case: The discussion on ChatGPT seems to be incessant and, after the open letter to pause generative AI development - mentioned in our previous news, the Italian Data Protection Authority intervened directly. In fact, by means of an urgent measure, the Authority urged OpenAI to suspend the processing of personal data in Italy (here is the measure). 
"There is a lack of information, and this is the offence we are contesting against the company. But it is clear that there is also another issue: with Chatgpt and chatbots we have conversations, and in these conversations, we often tend to share a lot of our lives' - these are the words of Guido Scorza (member of the Board of the Authority) for La Repubblica.
Scorza goes on to explain that there is no disclosure and clear privacy policy on the processing of Italian users' personal data and '"you can ask ChatGPT when Paolo Rossi was born, and get an answer. This is personal data. Every question about people's lives is data processing. Not to mention the ones it treats 'wrongly''. The measure also highlights the absence of an appropriate legal basis in relation to the collection of personal data and their processing for the purpose of training the algorithms underlying the operation of ChatGPT, and the failure to verify the age of users.

Sam Altman (CEO of OpenAI) commented on Twitter: "We of course defer to the Italian government and have ceased offering ChatGPT in Italy (though we think we are following all privacy laws). Italy is one of my favorite countries and I look forward to visiting again soon!"

The initiative is autonomous (there is no coordination with other EU authorities) and does not directly require a stop on accessibility (however, access to the system is now denied), but on the processing of personal data (in any case, an indispensable means for the development and functioning of ChatGPT). The concurrent investigation could also lead to dismissal or to corrective measures or sanctions (from 2 to 4% of the turnover of the company accused of the offence), while OpenAI has 20 days to communicate how it plans on bringing ChatGPT into compliance with the measure. What should not be forgotten is the possible continued use (and Italian data processing) via VPN, but also that many companies (tech and non-tech) use GPT in their daily business (for instance by integrating the API from OpenAI and ChatGPT in their services), with a potential impact of the investigation on their activity. On 12 April, the Italian Data Protection Authority announced it will lift temporary limitation if OpenAI implements measures concerning transparency, the right of data subjects – including users and non-users -, and the legal basis of the processing for algorithmic training relying on users’ data (here a full explanation in ITA and ENG) - 30 April set as the deadline.

EU (European Data Protection Board - EDPB): European data protection authorities set up a task force to cooperate and exchange information on enforcing EU laws on ChatGPT maker: OpenAI. Read it here.

USA: the Department of Commerce’s National Telecommunications and Information Administration (NTIA) launched a request for comment (RFC) to advance its efforts to ensure artificial intelligence (AI) systems work as claimed – and without causing harm. The insights gathered through this RFC will inform the Biden Administration’s ongoing work to ensure a cohesive and comprehensive federal government approach to AI-related risks and opportunities. Read it here.

China: Under draft regulations released this week, Chinese tech companies will need to register generative AI products with China’s cyberspace agency and submit them to a security assessment before they can be released to the public. Read it here.

Canada: The Office of the Privacy Commissioner of Canada (OPC) has launched an investigation into OpenAI
The official page reads, "AI technology and its effects on privacy are a priority for my Office," says Privacy Commissioner Philippe Dufresne. "We need to keep up with rapidly evolving technological advances, and this is one of my main areas of interest as Commissioner".

The investigation was opened in response to complaints about the collection of personal data without consent, and no further details are available.

Do not miss our series on ChatGPT: