Italy Hits OpenAI with €15M Fine, Mandates AI Education Campaign

OpenAI’s ChatGPT is facing a steep €15 million fine
from Italy’s data protection authority. The penalty involves alleged data
breach and misuse of personal information.

According to a statement by the regulator, the
investigation began in March 2023 after a data breach involving ChatGPT raised
concerns. The Italian Data Protection Authority (IDPA), also known as the
Garante, uncovered several violations, including OpenAI’s failure to notify the
breach and its use of personal data to train its AI model without an adequate
legal basis.

Age Verification Mechanism

These actions, the IDPA said, violated principles of
transparency under the General Data Protection Regulation (GDPR). Further
concerns arose about the lack of effective age verification mechanisms, leaving
minors under 13 exposed to potentially inappropriate responses from the
chatbot.

“OpenAI has not provided mechanisms for age
verification, with the consequent risk of exposing minors under 13 to responses
that are unsuitable for their level of development and self-awareness, the
regulator wrote.

The IDPA has now ordered OpenAI to execute a six-month
public information campaign across radio, television, newspapers, and online
platforms. The campaign aims to educate the public on how generative AI works,
the data it collects, and how users can exercise their GDPR rights, such as
data rectification or opposition.

The fine reflects OpenAI’s partial cooperation during
the investigation, which the IDPA acknowledged in its final ruling.
Additionally, OpenAI’s establishment of a European headquarters in Ireland
during the investigation triggered the GDPR’s one-stop shop rule. This means
further inquiries into ongoing compliance will be overseen by Ireland’s Data
Protection Authority.

“ChatGPT users and non-users should be made aware of
how to oppose the training of generative artificial intelligence with their
personal data and, therefore, be effectively placed in the position to exercise
their rights under the GDPR, the regulator noted.

Expect ongoing updates as this story evolves.

OpenAI’s ChatGPT is facing a steep €15 million fine
from Italy’s data protection authority. The penalty involves alleged data
breach and misuse of personal information.

According to a statement by the regulator, the
investigation began in March 2023 after a data breach involving ChatGPT raised
concerns. The Italian Data Protection Authority (IDPA), also known as the
Garante, uncovered several violations, including OpenAI’s failure to notify the
breach and its use of personal data to train its AI model without an adequate
legal basis.

Age Verification Mechanism

These actions, the IDPA said, violated principles of
transparency under the General Data Protection Regulation (GDPR). Further
concerns arose about the lack of effective age verification mechanisms, leaving
minors under 13 exposed to potentially inappropriate responses from the
chatbot.

“OpenAI has not provided mechanisms for age
verification, with the consequent risk of exposing minors under 13 to responses
that are unsuitable for their level of development and self-awareness, the
regulator wrote.

The IDPA has now ordered OpenAI to execute a six-month
public information campaign across radio, television, newspapers, and online
platforms. The campaign aims to educate the public on how generative AI works,
the data it collects, and how users can exercise their GDPR rights, such as
data rectification or opposition.

The fine reflects OpenAI’s partial cooperation during
the investigation, which the IDPA acknowledged in its final ruling.
Additionally, OpenAI’s establishment of a European headquarters in Ireland
during the investigation triggered the GDPR’s one-stop shop rule. This means
further inquiries into ongoing compliance will be overseen by Ireland’s Data
Protection Authority.

“ChatGPT users and non-users should be made aware of
how to oppose the training of generative artificial intelligence with their
personal data and, therefore, be effectively placed in the position to exercise
their rights under the GDPR, the regulator noted.

Expect ongoing updates as this story evolves.

This post is originally published on FINANCEMAGNATES.

  • Related Posts

    Week in Review: 5 Key Takeaways from IG’s FY25 Results, London Stock Exchange 24/7 Trading Dilemma

    Cyprus hit by wildfires In our weekly review, we start with the effects of wildfires in Cyprus. A devastating wildfire in southern Cyprus killed two people, injured at least ten,…

    XM, IC Markets, Tickmill: CFD Brokers Step Up Support Amid Cyprus Wildfires

    Cyprus is dealing with ongoing wildfire flare-ups in the Limassol district following a large blaze that began near the village of Malia on Wednesday afternoon and spread rapidly, challenging early…

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    XAU/USD Meaning And Why Gold Is Traded Like a Currency?

    • July 26, 2025
    XAU/USD Meaning And Why Gold Is Traded Like a Currency?

    What Does It Mean When a Country Cuts Interest Rates?

    • July 26, 2025
    What Does It Mean When a Country Cuts Interest Rates?

    What Is the Difference Between MT4 and MT5 for Beginners?

    • July 26, 2025
    What Is the Difference Between MT4 and MT5 for Beginners?

    Wolves vs. Sheep: Is the Dollar’s Crash Your Biggest Trading Opportunity Yet?

    • July 26, 2025
    Wolves vs. Sheep: Is the Dollar’s Crash Your Biggest Trading Opportunity Yet?