By 
OpenAI has announced its intention to appeal a €15.6 million ($15.6 million) fine imposed by Italy’s data protection authority, the Garante, over alleged violations of the European Union’s General Data Protection Regulation (GDPR).
The Garante alleged that OpenAI used personal data to train its AI model, ChatGPT, without properly informing users, Reuters reported. Additionally, the regulator claimed that OpenAI lacked sufficient age verification measures to prevent minors from accessing inappropriate content.
While acknowledging OpenAI’s cooperation during the investigation, the Garante stated that this collaboration was factored into determining the penalty. Under GDPR rules, companies can face fines of up to €20 million ($20.9 million) or 4% of their global turnover for non-compliance.
Additional Requirements
Beyond the monetary fine, the Garante has mandated OpenAI to initiate a six-month awareness campaign in Italian media to educate the public on how the company collects and processes personal data for training its algorithms.
OpenAI’s Response
An OpenAI spokesperson described the Garante’s decision as “disproportionate,” stating that the company would challenge the fine.
“We believe the Garante’s approach undermines Italy’s AI ambitions, but we remain committed to working with privacy authorities worldwide to offer beneficial AI that respects privacy rights,” the spokesperson said in a statement.
The company also pointed to its earlier cooperation with Italian regulators in 2023, when Italy temporarily banned ChatGPT for alleged GDPR and age-verification non-compliance. OpenAI resolved the concerns within a month, allowing the chatbot to resume operations in the country.
“They’ve since recognized our industry-leading approach to protecting privacy in AI, yet this fine is nearly twenty times the revenue we made in Italy during the relevant period,” the spokesperson added.
Broader Context
The Italian case is part of a larger trend of European regulators scrutinizing tech companies’ data practices under the GDPR.
In a separate action, the Dutch Data Protection Authority recently fined Netflix €4.75 million ($4.95 million) for failing to adequately inform customers about its handling of their personal data. Netflix has stated its objection to the decision.
As GDPR enforcement tightens across the EU, global tech firms face increasing pressure to align their operations with Europe’s stringent data protection standards.
Comments