Italian DPA: ChatGPT (continues) to violate the GDPR

The Italian Data Protection Authority has concluded that ChatGPT remains in violation of European data protection regulations. This determination comes after an exhaustive investigation spanning nearly a year, during which the AI system underwent rigorous scrutiny by the data protection authority. The suspension imposed on ChatGPT was prompted by the discovery that certain users’ messages and payment information were inadvertently exposed. Additionally, the absence of a robust age verification system allowed children to receive responses from ChatGPT that were inappropriate for their age group.

These findings underscore the importance of exercising continued vigilance when providing data to ChatGPT and similar AI models. There exists a risk that such data may be inadvertently accessible to unauthorized users, highlighting the need for stringent data protection measures.

(Dr. Lukas Mezger, UNVERZAGT Rechtanwälte)