LEGAL NEWS IN THE SPOTLIGHT | Italian DPA vs. OpenAI saga: act II

With a press release on 29 January 2024, the Italian Data Protection Authority (DPA) announced that it had served notice on OpenAI, i.e., the company that developed and released ChatGPT’s AI platform, for allegedly breaching EU data protection law. This development comes nearly 10 months after the DPA imposed a temporary ban on ChatGPT in Italy, following which OpenAI implemented a number of measures to comply with the DPA’s requests, including an opt-out form to allow all individuals in Europe (users and non-users) to exercise the right to opt out from the processing of their data for algorithm training. Although ChatGPT’s AI platform was subsequently reinstated in late April 2023, the DPA continued its investigation into OpenAI, also involving an ad-hoc task force set up by the European Data Protection Board. In the latest press release, the DPA reported that the findings and evidence resulting from the investigations – which have not yet been publicly disclosed – pointed to the fact that OpenAI may have breached some GDPR provisions. OpenAI has been given 30 days to respond to the allegations by submitting its counterclaims.