What future for ChatGPT in Europe with the GDPR? The question will arise, since the decision of the Italian Cnil. The authority lists a series of problems: breaches of the regulations, a security incident, a lack of protection vis-à-vis minors or inaccurate processing of personal data.
Is ChatGPT at risk of being expelled from the European Union? This is the risk that the decision of the Italian Cnil poses to the famous chatbot manufactured by the American company OpenAI. The institute, Guarantor for the protection of personal datahas just published a press release on March 31 denouncing breaches of European regulations.
Several shortcomings are mentioned. For example, there is no control of the age of Internet users, although the service declares in its legal notices that it is intended only for people aged at least 13 years. As a result, there is a risk that minors will come across ” responses totally unsuited to their level of development and self-awareness. »
Incorrect data processing
Another grievance pointed out by the Italian authority: the information provided by ChatGPT does not always correspond to the real data, which leads to inaccurate processing of personal data. Perhaps you have seen it yourself by experimenting with a search on your name with the conversational agent: the tool is far from producing a satisfactory copy.
For example, a search for my name made ChatGPT say that I worked for other newsrooms (which is incorrect) and that I hold a particular function (also incorrect). The blog story is partially correct, but the advanced name is wrong. The rest of the description is correct. And if I ask ChatGPT for additional info, additional errors come up.
The Italian Cnil also points to a security incident concerning conversations between Internet users and ChatGPT (discussion titles were mixed between users). A similar incident also hit payment information for customers of ChatGPT Plus, the premium version of the service. Emails and phone numbers were also mixed up.
Finally, the protection authority mentions defects in compliance with the GDPR (General Data Protection Regulation): insufficient information for Internet users on the data collected and above all lack of legal justification for the massive collection and storage of personal data in the purpose of training the algorithms behind ChatGPT.
The Italian Cnil calls for an immediate stop
An investigation is launched as a result, and the instance calls on OpenAI to stop ” ChatGPT until it complies with privacy regulations “. She also asks for a stop “ immediate » of the data processing of Italian users. It also gives OpenAI twenty days to react to its requirements.
The decision, limited to Italy, questions the legality of ChatGPT processing more broadly throughout the European Union, where the GDPR also applies. Thus, the shortcomings noted by the Guarantor for the protection of personal data are also likely to be taken over by other bodies, including the National Commission for Computing and Liberties in France.
The Cnil also has a range of options to put an end to an infringement, if it is constituted. The lightest is a warning, the heaviest is a fine of up to 20 million euros or 4% of annual worldwide turnover. With also the possibility of requiring a definitive limitation of the processing, or its prohibition.
If you liked this article, you will like the following ones: do not miss them by subscribing to Numerama on Google News.