After the setbacks of ChatGPT in Italy, Europe is taking up the subject. The European Data Protection Supervisor (EDPS), the body which brings together the national privacy monitoring bodies in Europe, declared this Thursday, April 13, 2023 to have set up a working group on ChatGPT. This is a potentially important first step towards a common policy on privacy rules on artificial intelligence, while the European Commission is still working on the adoption of its AI Act (Artificial Intelligence Act), draft artificial intelligence regulations.
“Possible enforcement actions taken by data protection authorities”
“EDPS members discussed the recent enforcement action taken by the Italian Data Protection Authority against Open AI regarding the ChatGPT serviceindicates the press release of the organization. The EDPS has decided to launch a dedicated working group to foster cooperation and exchange information on possible enforcement actions carried out by data protection authorities.” A decision that responds to the concerns of the various Member States regarding the processing of personal data carried out by ChatGPT.
A fortnight ago, the transalpine authorities decided to block access to the conversational agent. They believe that ChatGPT does not comply with the European Personal Data Regulation (GDPR) and does not offer a device to verify the age of users online, thus allowing minors under 13 to access the service. The Italian Cnil immediately announced the opening of an investigation to dig deeper into the subject. The authority gave ChatGPT 20 days to get back on track.
An investigation opened in France
The Italian example could be followed by Germany, according to recent statements by its data protection commissioner. Spain also said on Thursday that a preliminary investigation into possible data breaches by ChatGPT would soon be launched. Finally, in France, the CNIL opened “control procedure” after several complaints targeting the OpenAI chatbot, including one coming directly from an elected official.
Deputy Éric Bothorel, from the Renaissance group, seized the Cnil on Wednesday April 12 about ChatGPT for possible breaches of the GDPR. The deputy had supported his argument with a personal example, showing the errors given about him by the chatbot. “Is it normal that what looks like a tool that processes personal data disseminates erroneous data on our fellow citizens? It seems problematic to me”Éric Bothorel told AFP.