By 
Italy’s data protection agency, the Garante per la protezione dei dati personali, is cracking down on violations of national data privacy laws related to the use of AI and video surveillance tools.
Trento Municipality Fined
The Garante has levied a hefty fine of €50,000 (~US$54K) on the municipality of Trento in the Italian Alps for infringing on legality in its EU-funded smart city projects. Particularly concerning were the initiatives named Marvel and Protector. Marvel involved algorithmic monitoring of public video and audio surveillance footage for potential risks to public safety, while Protector focused on securing places of worship, including the collection and sentiment analysis of social media content considered hateful or threatening.
The municipality’s research experiment showcased a series of poor practices, highlighting the dangers that arise when enthusiasm for new technology overshadows legal rights. Garante found shortcomings in transparency, consent mechanisms for sharing data with third parties, technical application of anonymization techniques, and impact assessment protocols.
Garante’s assessment criticized Trento for not aligning scientific research with its institutional purposes and failing to justify the processing of personal data within a legal framework. It condemned the town for implementing “massive and invasive processing methods” that posed significant risks to the rights and freedoms of individuals.
OpenAI Faces Sanctions
The Italian data protection agency has also taken action against OpenAI, imposing an immediate temporary restriction on the processing of Italians’ data by the pioneering AI chatbot. Garante alleges that OpenAI is collecting users’ data without their consent, processing inaccurate data, and operating without legitimate legal grounds.
One major concern raised by Garante is the absence of an age verification mechanism for ChatGPT, exposing minors to inappropriate responses despite the platform’s terms of service requiring users to be over thirteen. Age verification issues have become increasingly prominent in the EU, where data privacy regulations are stringent.
OpenAI has been given a 20-day ultimatum to implement compliance measures, with a threat of a fine of up to €20 million if the necessary changes are not made promptly.
Comments