Access to OpenAI’s generative AI chatbot, ChatGPT, has been geo blocked in Italy since the company first implemented the feature.
The decision comes after the local data protection authorities issued an order on Friday instructing the company to cease processing the personal data of Italians for the ChatGPT service.
OpenAI writes that it “regrets” to inform users that it has disabled access to users in Italy — at the “request” of the data protection authority — which it refers to as the Garante. This statement is displayed online to users with an Italian IP address trying to access ChatGPT. OpenAI writes that it “regrets” to inform users that it has disabled access to users in Italy.
It also states that it will provide refunds to all users in Italy who purchased a subscription to the ChatGPT Plus service during the previous month. Additionally, it notes that it is “temporarily pausing” subscription renewals in Italy so that users will not be charged while the service is suspended. This is done to ensure that users are not inconvenienced financially.
It would appear that OpenAI is employing a straightforward geo block at the present time; hence, a straightforward solution to the problem is to use a virtual private network (VPN) to transfer to an IP address that is not Italian.
However, if a ChatGPT account was initially created in Italy, the account may no longer be accessible. Users who wish to get around the ban may be required to create a new account using an IP address not associated with Italy.
The Main Issue With ChatCPT
The issue that causes ChatGPT and other generative AI chatbots sometimes provide incorrect information. This seems to present a difficulty in the European Union because the GDPR grants individuals various rights over their information, including the right to correct incorrect information.
In the meantime, it is unclear whether OpenAI provides a mechanism through which consumers can request that the chatbot stop spreading false information about them.
The corporation, with its headquarters in San Francisco, in a public statement addressed to users in Italy who have been restricted due to their location, the company said the following: “We are devoted to safeguarding people’s privacy, and we feel that we offer ChatGPT in conformity with GDPR and other data protection legislation.”
“We’ll deal with that promise with the objective of restoring your access as soon as possible; many of you have told us that you find ChatGPT useful for day-to-day chores, and we look forward to making it available again soon.”
Despite an optimistic tone towards the end of the statement, it is unclear how OpenAI can address the compliance challenges.
In other words, privacy-centric processes and concepts are expected to be ingrained into a system that processes people’s data from the beginning, as required by the pan-European Union rule, which asks for data protection “by design and default.” To put it another way, this method is the antithesis of the “take the facts and ask for forgiveness afterwards” approach.
Sanctions for substantiated violations of the GDPR can reach up to 4% of a data processor’s annual global turnover (or €20M, whichever is greater), depending on the severity of the violation.
Additionally, because OpenAI does not have a primary location within the EU, any of the EU’s data protection authorities have the authority to regulate ChatGPT. This means that the authorities of any other EU member country may choose to become involved and conduct an investigation, as well as levy fines for any violations they discover (in relatively short order, as each would be acting only in their own patch).
As a result, it faces the highest amount of exposure to GDPR. It is unprepared to play the forum shopping game, a strategy other digital firms have employed to delay privacy regulation in Europe.
