The US company behind the AI chatbot must comply with several privacy requirements.
The AI chatbot ChatGPT could come back to Italy sooner rather than later.
On Wednesday the Italian data protection authority The Garante gave OpenAI — the U.S. company behind ChatGPT — until April 30 to comply with specific privacy requirements, paving the way for lifting the chatbot’s temporary ban in the country.
As it proceeds with its investigation, the Italian regulator ordered Open AI to verify users' age before they use the AI chatbot and explain on its website how and why it processes people's data for ChatGPT. The U.S. company will have to ask users for their consent or legitimate interest to use their data and make it possible for people to request to correct or delete their personal data.
OpenAI will also have to conduct an information campaign via Italian television, radio, websites and newspapers by May 14 to inform people how it uses their personal data to train its ChatGPT algorithm.
"Only then, the reasons for urgency having ceased to exist, will the Authority suspend the temporary restriction order on the processing of Italian users' data taken against the U.S. company, and ChatGPT will be able to become accessible again from Italy," said the regulator in an Italian-language press release.
OpenAI will also have to submit a detailed plan by May 31 that seeks to implement — before September — a solid system to ensure minors younger than 13 and without parental consent can't access ChatGPT.
In late March, ChatGPT was ordered to temporarily stop processing Italian users’ personal data over alleged violations of laws such as the General Data Protection Regulation (GDPR). The Garante also said the platform did not verify the ages of minors in order to prevent them from accessing the chatbot.
Earlier this month, OpenAI executives spoke with the Italian authority to present their plan to assuage concerns over potential privacy violations, which also include lacking a legal basis to massively gather people’s personal data, the spread of misinformation, and a data breach.
OpenAI separately said in a blog post it was looking into options to verify users’ ages to ensure people under 18 and without parental consent can’t use its chatbot.
The Garante’s decision comes as the European Data Protection Board (EDPB) — the umbrella organization of Europe’s data protection authorities — is scheduled to meet on Thursday.
At least two regulators, from France and Spain, want to discuss ChatGPT on top of the main point of discussion related to a GDPR investigation into Meta. An EDPB spokesperson said they were not able to share more details about the agenda.
OpenAI did not respond to a request for comment in time for publication.