OpenAI geoblocks ChatGPT in Italy

Image credit: Leon Neal/Getty Images

No, it’s not an April Fool’s joke: OpenAI has started geoblocking access to its generative AI chatbot, ChatGPT, in Italy.

The move follows an order from the local data protection authority on Friday that it must stop processing Italians’ data for the ChatGPT service.

In a statement displayed online to users with an Italian IP address trying to access ChatGPT, OpenAI writes that it “regrets” to inform users that it has disabled access to users in Italy – at the “request” of the data protection authority – as it is known as Securing.

It also says it will issue refunds to all users in Italy who purchased the ChatGPT Plus subscription service last month – and also notes that it is “temporarily halting” subscription renewals there so users won’t be charged while the service is suspended.

OpenAI appears to be using a simple geoblock at this point – meaning that using a VPN to switch to a non-Italian IP address offers an easy fix for the block. Even if a ChatGPT account was originally registered in Italy, it may no longer be available, and users wishing to bypass the block may need to create a new account with a non-Italian IP address.

OpenAI’s statement to users trying to access ChatGPT from an Italian IP address (Screenshot: Natasha Lomas/TechCrunch)

On Friday the Securing announced that it has opened an investigation into ChatGPT over suspected breaches of the EU’s General Data Protection Regulation (GDPR) – saying it is concerned that OpenAI has illegally processed Italians’ data.

OpenAI does not appear to have informed anyone whose web data it found and used to train the technology, such as by scraping information from internet forums. Nor has it been entirely transparent about the data it processes—certainly not for the latest iteration of the model, GPT-4. And while the training data it used may have been public (in the sense of being posted online), the GDPR still contains transparency principles – implying that both users and people whose data it scraped should have been informed.

In his statement yesterday Securing also pointed to the lack of any system to prevent minors from accessing the technology, raising a child safety flag – noting that there is no age verification feature to prevent inappropriate access, for example.

In addition, the regulator has raised concerns about the accuracy of the information the chatbot provides.

ChatGPT and other generative AI chatbots are known to produce erroneous information about named individuals – an error AI makers refer to as “hallucinatory”. This looks problematic in the EU as the GDPR gives individuals a range of rights over their information – including the right to correct incorrect information. And at the moment, it’s not clear that OpenAI has a system where users can tell the chatbot to stop lying about them.

The San Francisco-based company has still not responded to our request for comment Warranty investigation. But in its public statement to geoblocked users in Italy, it claims: “We are committed to protecting people’s privacy and we believe we offer ChatGPT in compliance with GDPR and other privacy laws.”

“We want to engage with Securing with the aim of restoring your access as soon as possible,” it also writes, adding: “Many of you have told us that you find ChatGPT useful for everyday tasks, and we look forward to making it available again soon. “

Despite an optimistic note towards the end of the statement, it is not clear how OpenAI can address the compliance issues raised by Ensures – given the broad scope of GDPR concerns, it is posted when a deeper investigation begins.

The pan-EU regulation requires data protection by design and standard – meaning that privacy-centric processes and principles are meant to be built into a system that processes people’s data from the start. Aka, the opposite approach of retrieving data and asking for forgiveness later.

Penalties for confirmed breaches of the GDPR, meanwhile, can scale up to 4% of a data processor’s annual global turnover (or €20 million, whichever is greater).

In addition, since OpenAI has no main establishment in the EU, some of the bloc’s data protection authorities are empowered to regulate ChatGPT – meaning any other EU member state’s authorities can choose to step in and investigate – and issue fines for any violations they find. (in relatively short order, as each would appear only in its own patch). So it faces the highest level of GDPR exposure, unprepared to play the forum-shopping game other tech giants have used to delay privacy enforcement in Europe.

Source link

Back to top button