December 6, 2023

OpenAI has restored the access to ChatGPT in Italy after it met the demands of the Italian Data Protection Authority, Garante Privacy.

Earlier this month, the Italian Data Protection Authority, banned ChatGPT on concerns over illegal collection of personal data and the absence of systems for verifying the age of minors.

The Authority pointed out that OpenAI does not alert users that it is collecting their data. The privacy watchdog said that there is no legal basis underpinning the massive collection and processing of personal data to ‘train’ the algorithms on which the platform relies.

Advertisements

The service has been inducted for test to revalidation and determined that the information it provides does not always match factual circumstances so inaccurate personal data are processed. The claim is that ChatGPT exposes minors to inappropriate responses for their age despite the service being designed to respond to users aged above 13.

“OpenAI will have to comply by 30 April with the measures set out by the Italian SA concerning transparency, the right of data subjects – including users and non-users -, and the legal basis of the processing for algorithmic training relying on users’ data.”

Now OpenAI declared it has fulfilled the demands of the Italian data protection authority, based on that the ban on the chatbot lifted.

Measures Implemented

  • Drafted and published, an information notice addressed to users and non-users, in Europe and elsewhere, describing which personal data are processed under which arrangements for training algorithms, and recalling that everyone has the right to opt-out from such processing.
  • Expanded its privacy policy for users and made it also accessible from the sign-up page prior to registration with the service.
  • Granted all individuals in Europe, including non-users, the right to opt-out from processing of their data for training of algorithms also by way of an online, easily accessible ad-hoc form.
  • Introduced a welcome back page in case of reinstatement of the service in Italy containing links to the new privacy policy and the information notice on the processing of personal data for training algorithms.
  • Introduced mechanisms to enable data subjects to obtain erasure of information that is considered inaccurate, whilst stating that it is technically impossible, as of now, to rectify inaccuracies.
  • Clarified in the information notice for users that it would keep on processing certain personal data to enable performance of its services on a contractual basis, however it would process users’ personal data for training algorithms on the legal basis of its legitimate interest, without prejudice to users’ right to opt-out from such processing.
  • Implemented a form to enable all European users to opt-out from the processing of their personal data and thus to filter out their chats and chat history from the data used for training algorithms.
  • Added, in the welcome back page reserved for Italian registered users, a button for them to confirm that they are aged above 18 prior to gaining access to the service, or else that they are aged above 13 and have obtained consent from their parents or guardians for that purpose; 
  • Included the request to specify one’s birthdate in the service sign-up page to block access by users aged below 13 and to request confirmation of the consent given by parents or guardians for users aged between 13 and 18.

Reference : Security Affairs

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023

LogoFAIL Firmware Attack

December 3, 2023

Proliance Surgeons Discloses a Data Breach

December 3, 2023

23andMe Breach affected 14K Customers

December 3, 2023
%d