Home » Why Italy’s ChatGPT ban might be replicated across Europe
Technology and Security

Why Italy’s ChatGPT ban might be replicated across Europe

The Italian Privacy Authority raised two key issues – handling of data and protection of minors – that are common concerns addressed by common European laws. Legal and media expert Zeno-Zencovich believes Rome is actually trailblazing the rest of Europe

The Old Continent puts ChatGPT under scrutiny. Last Friday, the Italian Privacy Authority took issue with ChatGPT, the AI-powered chatbot that’s been commanding headlines since its reveal in late 2022. As a result, OpenAI (the company behind the service) opted to suspend the service in Italy – the first such instance in the global West.

  • Then, on Monday, Reuters reported that more European countries are considering whether to apply harsher measures to address concerns around ChatGPT.
  • Privacy regulators from France and Ireland have reached out to their Italian counterpart, while Germany’s told Handelsblatt that Berlin might be following in Rome’s footsteps.

How it came to be. It all started with a ChatGPT data breach in March that exposed sensitive user information and conversations. That caught the attention of the authorities, who became aware of discrepancies between the chatbot’s privacy policy and its actual operation.

  • Such concerns were then relayed to OpenAI, which opted to suspend the service in Italy.
  • They boil down to how the company (which does not possess a European office) uses and stores user data…
  • … and how it fails to check the user’s age, as European minors must be shielded from profiling and targeted advertising under European law.
  • It also lamented the “absence of any legal basis that justifies the massive collection and storage of personal data” to train the chatbot.

The expert’s take. Decode39 reached out to Vincenzo Zeno-Zencovich, Professor of Comparative Law at the Roma Tre University and an expert in European private law, media, and novel IC tech to flesh out what caught the Privacy Authority’s attention and why Italy’s example might soon spread out to the rest of the European Union.

  • As he noted, the issues flagged by the Italian Authority can apply to any digital service. Companies behind Facebook, Google or TikTok, which are often targets of the regulators’ attention, are better equipped to deal with such issues.
  • “I’m not passing judgement, [but] some of these companies (I am thinking especially of ByteDance, owner of TikTok) show a lack of understanding of the European regulatory framework,” commented the professor. “They provide global services, have processing centres outside the EU, and tend to standardise their approach.”

Will other EU countries follow the Italian example? “It seems rather predictable to me,” answered Mr Zeno-Zencovich, noting the European Data Protection Board (which comprises all national privacy authorities, the EU’s own and the European Commission) will “inevitably consider and refine, modify, adjust or extend the Italian decision.”

  • The bottom line, he added, is that the other twenty-six data protection authorities would be hard-pressed to believe that the problem is an Italian one.
  • “OpenAI has appointed a representative in Europe, but I don’t think the European guarantors will be satisfied: they will want a European legal entity that can provide economic guarantees,” he added.

Subscribe to our newsletter