Two days after one open letter which called for a moratorium on the development of more powerful AI models such as ChatGPT so that regulators can catch up, the protection authority data of Italy has just published a reminder that some countries already have laws that apply to Artificial Intelligence — ordering OpenAI to stop processing data on Italy's population with immediate effect.
The Italian DPA said that it is concerned that the maker of ChatGPT is in violation of the European Union's General Data Protection Regulation (GDPR).
Specifically, it said it has issued the order to block ChatGPT because of concerns that OpenAI processed people's data illegally and that the lack of any system does not prevent minors from accessing the technology.
The San Francisco-based company (OpenAI) has 20 days to respond to the order or face certain penalties. Fines for breaches of the EU data protection regime can be up to 4% of annual turnover or 20 millions euros, whichever amount is greater.
It is worth noting that since OpenAI does not have a legal department established in the EU, and thus any data protection authority is empowered to intervene, under the GDPR, if it sees risks to local users. Therefore, since Italy has started, other countries may follow.
The GDPR must be applied every time they are processed privacy of EU users. And it's clear that OpenAI's big language model gathers this kind of information, since it can, for example, generate biographies of named people on demand. Although OpenAI declined to provide details on the training data used for the latest version of the GPT-4 tool, it has revealed that previous models were trained with data found on the Internet, including from forums such as Reddit. Therefore, if you are registered somewhere in the Internet, chances are the bot knows your name.