Header image

OpenAI Fined Over GDPR Failings

Italian data protection authority says age verification mechanisms pose risks for young users.

OpenAI has been fined more than $15 Million for violations of the General Data Protection Regulation (GDPR).

Aside from failing to inform authorities of a data breach in March 2023, OpenAI has also processed ChatGPT users' personal details without sufficient legal basis while not providing age verification mechanisms, The Hacker News reports.

The Italian data protection authority Garante said not providing age verification mechanisms poses risks for any children using the AI chatbot. The authority has also required OpenAI to conduct a communication campaign educating users regarding ChatGPT's data gathering practices over six months.

"Through this communication campaign, users and non-users of ChatGPT will have to be made aware of how to oppose generative artificial intelligence being trained with their personal data and thus be effectively enabled to exercise their rights under the GDPR," said Garante. OpenAI has expressed intent to appeal the decision, which it regarded to be unreasonable.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.