At the end of March, the Italian Data Protection Authority (the “Garante”), announced that OpenAI’s fancy new ChatGPT software would imminently be blocked from use within the European nation over concerns that ChatGPT’s training and function violate the EU’s General Data Protection Regulation (GDPR). On Wednesday, the Garante published a list of necessary steps OpenAI will have to take by the end of April if Italy is to lift its temporary limitation on the processing of its user data.
“OpenAI will have to draft and make available, on its website, an information notice describing the arrangements and logic of the data processing required for the operation of ChatGPT along with the rights afforded to data subjects,” the Garante announced. Additionally, Italian users must be shown said notice and will have to declare that they are over the age of 18 prior to the completion of their registrations. What’s more, the company will be required to age gate the site to filter out users under the age of 18 by the end of September.
The Garante is also demanding that the company enact “easily accessible tools to allow non-users to exercise their right to object to the processing of their personal data,” per Wednesday’s release. “The same right will have to be afforded to users if legitimate interest is chosen as the legal basis for processing their data.”
Finally, OpenAI must by May, 31st run “through radio, TV, newspapers and the Internet” an ad campaign informing the public about their data collection methods and how Italians’ personal information will be used to train the company’s algorithms. In all, OpenAI has just 18 days to get all of its regulatory ducks in a row before the regulator implements additional penalties.