The inexorable march of ChatGPT through the marketing industry could be about the come to an abrupt halt if one leading EU data protection authority gets its way, amid claims that the technology is in serious breach of data protection legislation.
Fifteen months into the ChatGPT-fuelled revolution, it might be easier to find a marketing company which is not using the technology than one that is, but a ten-month investigation by Italy’s data protection authority, the Garante, alleges the chatbot contravenes GDPR.
It is well documented that ChatGPT has been developed by using data scraped off the public Internet, including the personal data of individuals. However, companies are not permitted to process people’s data in the EU without consent.
The EU’s top authority, the European Data Protection Board, has already launched a dedicated task force on ChatGPT, to “foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities”.
Details of the Italian authority’s draft findings have not been disclosed, but parent company OpenAI has been ordered to respond to the allegations by the end of next month.
In a statement, the Garante said: “[We have] notified breaches of data protection law to OpenAI, the company behind ChatGPT’s AI platform.
“Following the temporary ban on processing imposed on OpenAI by the Garante on March 30 last year, and based on the outcome of its fact-finding activity, the Italian DPA concluded that the available evidence pointed to the existence of breaches of the provisions contained in the EU GDPR. OpenAI may submit its counterclaims concerning the alleged breaches within 30 days.
“The Italian Garante will take account of the work in progress within the ad-hoc task force set up by the European Data Protection Board in its final determination on the case.”
This is not OpenAI’s first run-in with the Italian authorities; the Garante ordered a temporary ban on ChatGPT’s local data processing in April last year, which led to the chatbot being temporarily suspended in the market.
At the time, the authority said that it suspected ChatGPT to be breaching Articles 5, 6, 8, 13 and 25 of GDPR, including both the lack of a suitable legal basis for the collection and processing of personal data for the purpose of training the algorithms underlying ChatGPT; and the tendency of the AI tool to produce inaccurate information about individuals. It also flagged up child safety as a problem.
However, OpenAI managed to resume service of ChatGPT in Italy after taking steps to address some issues raised but the Italian authority said it would continue to investigate the suspected violations and has now arrived at preliminary conclusions.
The Italians are no slouches when it comes to enforcing GDPR, the Garante has issued 345 fines against breaches of the legislation since its implementation in May 2018. In comparison, the UK’s Information Commissioner’s Office has issued 14.
And, if OpenAI is found in breach of GDPR in Italy, the ruling is likely to come before the EDPB and affect its entire operation across the EU, as well as in the UK, which although no longer a member of the EU still operates the same legislation under UK GDPR.
The Garante could issue an order that requires changes to how data is processed to bring an end to confirmed violations. In this scenario, OpenAI will be forced to change how it operates or pull its service out of the EU.
In response to the Italian charges, OpenAI said: “We believe our practices align with GDPR and other privacy laws, and we take additional steps to protect people’s data and privacy.
“We want our AI to learn about the world, not about private individuals. We actively work to reduce personal data in training our systems like ChatGPT, which also rejects requests for private or sensitive information about people. We plan to continue to work constructively with the Garante.”
Related stories
Firms admit AI fears justified; 27% have even banned it
That was then, this is now… the world according to AI
What’s in store for 2024…for AI-driven marketing?
Marketers baulk at breakneck speed of AI deployment
AI will give us more time to think creatively, say CMOs
Industry launches Taskforce to tackle AI ethics concerns
Row over AI ‘light touch’ turns into chorus of disapproval
Generative AI threatened by unresolved martech issues