OpenAI said Friday (Dec. 20) that it will appeal a fine imposed by an Italian authority that alleged that the company violated the European Union’s General Data Protection Regulation (GDPR).
Italy’s data protection agency, the Garante, fined OpenAI 15 million euros (about $15.6 million), saying it found that the company used personal data to train ChatGPT without informing consumers, Reuters reported Friday (Dec. 20).
The agency also found that OpenAI did not have an adequate age verification system in place to prevent children from being exposed to inappropriate content, according to the report.
The Garante said that OpenAI cooperated with its investigation, and that its cooperation was taken into account when determining the amount of the fine, per the report.
Under the GDPR, companies can be fined up to 20 million euros (about $20.9 million) or 4% of their global turnover, the report said.
In addition to imposing the fine, the agency ordered OpenAI to begin a six-month campaign on Italian media to raise awareness about how the company collects data to train algorithms, per the report.
Reached by PYMNTS, an OpenAI spokesperson said in an emailed statement that the Garante’s decision is “disproportionate” and that the company will appeal.
“We believe the Garante’s approach undermines Italy’s AI ambitions, but we remain committed to working with privacy authorities worldwide to offer beneficial AI that respects privacy rights,” the statement said.
In an earlier action, in March 2023, Italy became the first Western country to outlaw ChatGPT after the Garante announced an investigation of the chatbot’s alleged breach of GDPR privacy rules and age-verification practices.
About a month later, in late April 2023, OpenAI said ChatGPT was again available in Italy after the company fulfilled the demands of the country’s data protection authority.
The OpenAI spokesperson referred to this incident in the Friday statement.
“When the Garante ordered us to stop offering ChatGPT in Italy in 2023, we worked with them to reinstate it a month later,” the statement said. “They’ve since recognized our industry-leading approach to protecting privacy in AI, yet this fine is nearly twenty times the revenue we made in Italy during the relevant period.”
In another, separate action involving the GDPR, the Dutch Data Protection Authority said Wednesday (Dec. 18) that it fined Netflix 4.75 million euros (about $4.95 million). The regulator said the company did not give its customers enough information about what it does with their personal data. Netflix said it objected to the decision.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More