ChatGPT was the big star of late 2022 and much of 2023. OpenAI’s success in creating a chatbot with these features meant that while it was not innovative in terms of its underlying technology, it was innovative as a service by bringing the capabilities of its GPT model into a conversational chatbot experience. The response from other technology companies such as Google and Microsoft among others was immediate and we started to see the arrival of similar services shortly after.

So its launch was a big success, but therein lies the problem ChatGPT was not prepared to face the legal regulations of all the markets it reached. Thus, at the end of March, the service experienced what appeared to be a crash, which is not unusual for an online service, but the situation took on a completely different tone when OpenAI itself learned that it was indeed an intentional shutdown after discovering a privacy issue with the service.

As a result of this issue, and with the strict application of the European GDPR, Italy proceeded to block access to ChatGPT throughout the country, while other countries of the common European area launched their own investigations in this regard. Finally, after making some adjustments, Italy allowed access to ChatGPT again, but this did not represent a definitive victory for OpenAI, because the GPDP (Garante per la Protezione dei Personali Data), The Italian regulator said its investigation remains open.

Although many months have passed since then, and it may have seemed that the matter had fallen into oblivion, today we were able to verify that this was not the case, and that GPDP announced to OpenAI that ChatGPT «violates legal regulations on the protection of personal data«as we can read in the official statement issued by the Italian regulator, which again puts the service on the ropes.

On this occasion, yes, decided to give OpenAI a period of 30 days so that any charges they may have can be addressed to identified issues which, yes, have not been made public (but have been reported to the company). In addition, it also specifically states participation in the process of the special working group created by the EDPB (European Data Protection Board) in April last year to specifically address the presence of ChatGPT in the European common space. This means that in this case, the Italian regulator’s considerations may overtake the rest of the European Union more quickly than it did last year.

Let’s remember that OpenAI’s response last March was full of collaboration, something that was recognized by the Italian regulator and which undoubtedly influenced the “rapid” restoration of access to ChatGPT in Italy. It is therefore to be expected that on this occasion the technology will be equally cooperative, although it also seems likely that the issues identified in this research are of greater importance and therefore entail more profound changes. So the big question now is whether OpenAI will spend those 30 days preparing their allegations, responding to the issues raised by GDPD, or whether they’ll rather do a bit of both.