ChatGPT restored access for Italian users Friday after changes to its privacy controls were welcomed by the country’s data protection authority (DPA).

The Italian DPA, Garante, ordered OpenAI, the U.S.-based developer of ChatGPT, to stop processing the data of the country’s citizens in March after determining the platform violated European Union privacy laws and had no controls to stop it interacting inappropriately with young children. The decision increased scrutiny of OpenAI and generative artificial intelligence across the bloc, leading DPAs in France, Spain, Germany, and other countries to consider taking similar action.

OpenAI responded by enhancing the way users control their data on the platform, including:

  • Expanding the content and accessibility of its privacy policy;
  • Clarifying which data it processes and for what use;
  • Granting EU users the right to opt-out from processing of their data for training of algorithms; and
  • Introducing mechanisms for users to erase certain data within the platform’s capabilities.

The company also added verification controls for users under the age of 18, though Garante indicated in a translated press release more work remains.

“The Italian [DPA] acknowledges the steps forward made by OpenAI to reconcile technological advancements with respect for the rights of individuals, and it hopes that the company will continue in its efforts to comply with European data protection legislation,” the regulator said.

Garante added it will continue to work with the European Data Protection Board, which formed a task force to coordinate potential EU enforcement efforts against OpenAI for violations of the General Data Protection Regulation.

Kyle Brasseur is Editor in Chief of Compliance Week. His background includes expertise in user personalization with ESPN.com.View full Profile

More from Kyle Brasseur

Topics