The Italian Data Protection Authority Garante has said that OpenAI’s popular ChatGPT generative artificial intelligence (GenAI) product breaches data protection rules.

Garante, which is proceeding with an investigation started in 2023, last year temporarily banned ChatGPT over alleged breaches of EU privacy rules. At the time, OpenAI addressed a number of issues concerning factors such as users’ right to decline to the use of personal data to train algorithms, but Garante said it would continue its investigations.

Now, almost a year on from that initial ban, the watchdog has said that it has concluded that elements indicate one or more potential data privacy violations without providing further detail.

Under the EU’s General Data Protection Regulation (GDPR), firms found to have broken rules could face fines of up to 4 per cent of global turnover.

OpenAI has 30 days to present defence arguments, with the Garante noting that its investigation would consider work done by a European task force made up of national privacy watchdogs. .

In an emailed statement to Reuters, OpenAI said it believes it is compliant with GDPR and that it "plans to continue to work constructively with the Garante”.

The EU in December announced provisional terms for regulating AI systems in a move towards providing a framework for the tech’s use.

---