In March, Italy became the first Western country to temporarily ban access to ChatGPT within its borders. Citing concerns over “unlawful” data collection and the lack of an age verification mechanism for minors, the country’s data protection agency — Garante — blocked the service, requiring OpenAI to meet a series of demands for the suspension to be lifted.
As of April 28, Italian users have regained access to the AI system, after OpenAI implemented the majority of the measures ordered by Garante. These address age verification, transparency, and the rights of users and non-users alike.
First off, the US-based company has introduced a “welcome back” pop-up box, which asks users to confirm they’re above 18 years-old, or that they have obtained parental consent if they’re aged between 13 and 18. They also need to specify their birthday on the sign-up page to gain access.
By clicking on the links, users can get information about what kind of data is being processed for training purposes and under what conditions. OpenAI has now clarified that it’ll continue processing certain types of data on a contractual basis to enable the performance of its services, but for algorithm training data processing will be on the legal basis of legitimate interest.
To enable users and non-users to better exercise their rights, as requested by Garante, the company has further included an opt-out form for the processing of personal data. Users can also obtain erasure for inaccurate information, although, for now, OpenAI claims it’s “technically impossible” to provide rectifications.
While the Italian regulator welcomed OpenAI’s new measures, it called on the company to comply with the extra requests it had ordered as well.
Besides the age gate, OpenAI has to introduce an age verification system that prevents minors from using the service. It also needs to conduct a campaign informing Italians that their personal data may have been used for ChatGPT’s training, while raising awareness of the new information policy and attached data rights.
The Italian agency said that it “acknowledges the steps forward made by OpenAI to reconcile technological advancements with respect for the rights of individuals and hopes that the company will continue in its efforts to comply with European data protection legislation.” Nevertheless, it will continue its investigation into the company’s compliance with GDPR.
While Italy’s ChatGPT ban didn’t last for more than a month, it’s the first attempt in the Western world to regulate a generative AI tool like OpenAI’s model. The company’s compliance may set a precedent for other European countries as well — with several other data protection agencies (including France’s, Ireland’s, and Spain’s) paying close attention to the developments.