OpenAI's ChatGPT has been widely praised—there's hardly any question we haven't seen it answer. Yet, the Italian enforcer of the EU's General Data Protection Regulation (GDPR) has placed an immediate, temporary embargo on ChatGPT use in Italy.

This means that if you're in Italy, you'll now be unable to use the AI chatbot. Here's why.

Why Did Italy Ban ChatGPT?

Person Using ChatGPT on Laptop

On March 30th, 2023, the Italian Data Protection Authority, Garante per la Protezione dei Dati Personali (GPDP), officially announced a ChatGPT ban, effective immediately, that would last until ChatGPT complied with the EU's GDPR.

The Italian data regulator declared that OpenAI's ChatGPT posed several problems and infringed the EU's privacy law. The GDPD's privacy concerns can be broken down into five key areas:

1. Breach of Privacy Laws

The GDPD's chief concern is that ChatGPT continues processing personal data in breach of its privacy laws. Although the way ChatGPT works is that it has been trained prior to deployment, the chatbot still collects and processes data from users to provide relevant answers.

ChatGPT Onboarding

The Italian regulator ensures data controllers follow the general obligations outlined in the EU's privacy law, and OpenAI falls short.

2. Unjustified Collection of Personal Data

Asides from the breach of its privacy laws, the GDPD claims that there is no legal justification for OpenAI's massive collection and processing of personal data to train ChatGPT's algorithms. According to the Italian regulator, ChatGPT's information doesn't always match factual circumstances, so OpenAI can use falsified personal data.

3. A Lack of Easily-Accessible and Transparent Information

In addition, the Italian regulator pointed out that OpenAI doesn't inform users whose data it collects. This is another clear violation of the EU's privacy laws.

4. Lack of Age Verification Systems

The GDPD announced that ChatGPT exposes inappropriate information to users under 13 because it lacks appropriate age detection mechanisms. This underage exposure violates the EU's GDPR, which states that individuals must clearly consent to the processing of their personal data. As underage individuals, they are not to consent on their behalf.

5. Risk of Data Breaches

While citing a data breach reported on March 20th, 2023, the Italian regulator raised concerns about the chatbot's risk of data breaches. Europol's announcement of the potential of criminals using ChatGPT to commit fraud and cybercrime likely fostered these concerns.

Data breaches also infringe on the country's privacy laws—all data processors must implement appropriate security measures.

Italy's ChatGPT Ban Could Be a Template for Other EU Countries

The EU's GDPR is said to be the strictest privacy law in the world, and Italy's ban emphasizes the importance of data compliance in Europe. The Irish data authority has been reported to be studying the GDPD's actions with intentions to "coordinate" with the EU concerning the ban. Likewise, the UK's data regulator is said to have declared support for AI with the condition that it complies with data protection laws.

Although Italy's ChatGPT ban is comprehensive, it is said to be temporary. Garante per la Protezione dei Dati Personali has requested notification from OpenAI detailing the actions implemented to comply with its orders. If OpenAI fails to comply, the ban could become permanent, like Italy's ban on Replika, another AI chatbot. OpenAI would also likely pay €20 million or 4% of its global annual turnover.

Italy's ChatGPT ban could improve global AI data compliance or hamper the fast-growing AI chatbot. Either way, the ban will have significant implications for ChatGPT.