Yesterday OpenAI met with the Italian Guarantor for the protection of personal data, to address the privacy concerns that led to the temporary blocking of ChatGPT in Italy. The artificial intelligence chatbot was blocked by the same American company, as a precautionary measure, after some users' messages and payment information were exposed to others in a (disastrous) data breach on March 20th.
This is the first case in which a democracy has imposed a blockade on an AI platform of this magnitude. An operation itself not without controversy and shadows. Either way, OpenAI has promised to propose steps to address the concerns, though they haven't been fully detailed yet. The news comes straight in a note on the same official website of the Italian authority.
Let's talk
In yesterday's video call between the commissioners of the Guarantor and the managers of OpenAI, including the CEO Sam altman, we have witnessed the first real lightening in this whole affair which is keeping (I'm not joking) companies and individuals in suspense (and the mouse on VPNs, whose registrations have skyrocketed). For its part, Altman's company has promised to present measures to address the concerns. The Guarantor, however, underlined the importance of compliance with the rigorous privacy regulations of the 27 EU countries. In particular, he questioned the legal basis for collecting huge amounts of data used to train algorithms Chat GPT and raised concerns that the system could generate false information about individuals.
The clearing of the Guarantor
The real point of the whole affair, however, probably the result of the strong fibrillation of various sectors (and many users) was the hand extended by the Guarantor. The Commissioners expressed very clearly their desire not to hinder the development of AI in Italy. And this can only preclude a "happy" outcome of the whole affair.
What happens now?
OpenAI said it is working to remove personal information from training data where possible, to set its models to reject requests for personal information from private individuals, and to act on requests to delete personal information from its systems. Case closed, then? No. In Italy, as mentioned, the impression is that there will be a reopening of the system. More generally, however, the authorities are "warming up their engines" to close the gap and try to regulate the sector.
Other regulators in Europe and elsewhere began paying more attention after Italy's action. The Irish Data Protection Commission said it was “in contact with the Italian Supervisory Authority to understand the basis of their actions and coordinate with all EU data protection authorities in relation to this matter”. France's data privacy regulator, CNIL, said that it launched an investigation after receiving two complaints about ChatGPT. Also the privacy commissioner of Canada opened an investigation on OpenAI. And he did so after receiving a complaint about the alleged "collection, use and disclosure of personal information without consent".
On the other hand, the AI journey is only just beginning, right?