ChatGPT's developer OpenAI has been ordered to implement a ‘right to be forgotten’-style policy in the chatbot by the Italian data protection regulator (SA).
Data subject rights were among the most important considerations made by the Italian regulator in deciding ChatGPT’s long-term presence in the country, which has recently been in doubt.
The additional measures that must be implemented, per the Italian SA’s recent address, include the capability for users and non-users to request their personal information be changed if generated in ChatGPT user prompts.
“OpenAI will have to make available easily accessible tools to allow non-users to exercise their right to object to the processing of their personal data as relied upon for the operation of the algorithms,” the regulator said.
“The same right will have to be afforded to users if legitimate interest is chosen as the legal basis for processing their data,” it added.
The measures echo the so-called ‘right to be forgotten' - the data privacy rule that preceded GDPR and was ultimately included in the EU-wide regulations in 2018.
Since Italy banned the use of ChatGPT in the country earlier this month, a move that was branded ‘an overreaction’ by experts, talks have been ongoing between it and OpenAI - ChatGPT’s developer.
The result of these talks has led the California-based firm being given a ‘to-do’ list of changes before it can resume operating in the country.
OpenAI has been given a deadline of 30 April to comply with the numerous measures set out by the Italian SA.
These include changes to data processing transparency, the rights of data subjects, the legal basis of data processing for algorithmic training, and safeguards for minors.
GDPR and data subject rights
Data subject rights outlined under GDPR include eight fundamental tenets, including the right to withdraw consent for the use and processing of personal data.
Under GDPR, citizens are also entitled to the right to rectification under Article 16 of the legislation, meaning that data subjects can request “inaccurate or outdated personal information be updated or corrected”.
RELATED RESOURCE
Innovation to boost productivity and provide better data insights
Similarly, data subjects have the right to be forgotten, or the ‘right to erasure’, which enables them to request that their personal data be deleted.
In this context, the Italian data protection regulator appears concerned that given the potential for personal information to be disclosed via ChatGPT, this poses a risk to Italian citizens and is in breach of GDPR.
Large language models (LLMs) such as ChatGPT rely on huge volumes of information drawn from the internet to train AI models.
This has posed questions recently over how platforms such as ChatGPT may pose privacy risks - and the generation of incorrect information has been thrust firmly into the spotlight in this regard.
Last week, an Australian mayor mulled the prospect of legal action when ChatGPT generated false information which stated he was imprisoned for bribery.
In reality, Brian Hood, Mayor of Hepburn Shire Council, was a whistleblower and was neither arrested nor convicted on criminal charges.
Regulatory crackdown
Discussions around regulatory safeguards to mitigate the potential dangers of generative AI have raged since the launch of ChatGPT in November last year.
Earlier this week, US authorities launched a public consultation to explore potential “accountability measures” for companies developing AI systems such as ChatGPT.
The consultation could guide the development of future US legislation on AI safeguards to ensure responsible use.
-
Enterprise AI adoption is about to get the Big Brother treatmentOpinion Worried your staff aren’t using those shiny AI tools you petitioned for? Big tech has you covered
-
Dreamforce 2025: What's an agentic OS?ITPro Podcast NPUs, e-ink, and immersive headsets are the latest hardware innovations for business devices
-
'It's slop': OpenAI co-founder Andrej Karpathy pours cold water on agentic AI hype – so your jobs are safe, at least for nowNews Despite the hype surrounding agentic AI, OpenAI co-founder Andrej Karpathy isn't convinced and says there's still a long way to go until the tech delivers real benefits.
-
OpenAI signs another chip deal, this time with AMDnews AMD deal is worth billions, and follows a similar partnership with Nvidia last month
-
OpenAI signs series of AI data center deals with SamsungNews As part of its Stargate initiative, the firm plans to ramp up its chip purchases and build new data centers in Korea
-
Why Nvidia’s $100 billion deal with OpenAI is a win-win for both companiesNews OpenAI will use Nvidia chips to build massive systems to train AI
-
OpenAI just revealed what people really use ChatGPT for – and 70% of queries have nothing to do with workNews More than 70% of ChatGPT queries have nothing to do with work, but are personal questions or requests for help with writing.
-
Is the honeymoon period over for Microsoft and OpenAI? Strained relations and deals with competitors spell trouble for the partnership that transformed the AI industryAnalysis Microsoft and OpenAI are slowly drifting apart as both forge closer ties with respective rivals and reevaluate their long-running partnership.
-
Mistral AI wants businesses to make new memories with Le ChatNews The company hopes new functionality and Connection Partners will broaden business appeal
-
OpenAI thought it hit a home run with GPT-5 – users weren't so keenNews It’s been a tough week for OpenAI after facing criticism from users and researchers
