Italy’s data protection authority (DPA) has ordered OpenAI, ChatGPT’s parent, to stop processing people’s data locally with immediate effect.
The Italian DPA cited concerns over the ChatGPT maker’s breaching the European Union’s General Data Protection Regulation (GDPR).
The DPA blocked ChatGPT over concerns OpenAI has unlawfully processed people’s data — and also over the lack of any system to prevent minors from accessing the tech.
OpenAI has 20 days to respond to the order — backed up by the threat of some hefty penalties if it fails to comply.
It’s worth noting that since OpenAI does not have a legal entity established in the EU any data protection authority is empowered to intervene, under the GDPR, if it sees risks to local users.
OpenAI has declined to provide details of the training data used for the latest iteration of the technology, GPT-4 but it has disclosed that earlier models were trained on data scraped from the Internet, including forums such as Reddit.
Also, ChatGPT has been shown to produce false information about named individuals — making up details its training data lacks.
If OpenAI has processed Europeans’ data unlawfully, DPAs across the bloc could order the data to be deleted — although whether that would force it to retrain models trained on data unlawfully obtained is one open question as an existing law grapples with cutting-edge tech.