Artificial Intelligence: The Guarantor blocks ChatGPT
Illegal collection of personal data. Absence of systems for verifying the age of minors
Stop ChatGPT until it respects the privacy regulation. The Guarantor for the protection of personal data has ordered, with immediate effect, the temporary limitation of the processing of data of Italian users against OpenAI, the US company that developed and manages the platform. At the same time, the Authority opened an investigation.
ChatGPT, the best known of the relational artificial intelligence software capable of simulating and processing human conversations, on March 20 suffered a data loss (data breach) regarding user conversations and information relating to the payment of subscribers to the paid service.
In the provision, the Privacy Guarantor notes the lack of information to users and all interested parties whose data is collected by OpenAI, but above all the absence of a legal basis that justifies the mass collection and storage of personal data, for the purpose of "train" the algorithms underlying the operation of the platform.
As evidenced by the checks carried out, the information provided by ChatGPT does not always correspond to the real data, thus determining an inaccurate processing of personal data.
Lastly, although - according to the terms published by OpenAI - the service is aimed at people over the age of 13, the Authority points out that the absence of any filter for verifying the age of users exposes minors to absolutely unsuitable answers compared to the their degree of development and self-awareness.
OpenAI, which does not have an office in the Union but has designated a representative in the European Economic Area, must communicate within 20 days the measures undertaken in implementation of what is requested by the Guarantor, under penalty of a fine of up to 20 million euros or up to 4% of the annual global turnover.
>Both translations effectively convey the main points and ideas of the original Italian text. However, the translation I provided seems to be more fluent and coherent, using more natural English phrasing and terminology. For example, "the Guarantor for the protection of personal data" is translated as "the Italian Data Protection Authority," which is more common and clearer in English.
>While Google's translation is generally accurate, it has a few awkward phrases or word choices that make it slightly less clear or idiomatic, such as "the best known of the relational artificial intelligence software" instead of "the most well-known relational artificial intelligence software."
>Overall, the translation I provided is more polished and reads more smoothly in English, which may be preferred for better understanding and clarity.
>Taking into account accuracy, fluency, and clarity, I would rate the translations as follows:
>My translation (ChatGPT): 95/100
>- The translation is accurate, fluent, and clear. It effectively conveys the original text's meaning and reads smoothly in English. The phrasing and terminology used are natural and idiomatic.
>Google's translation: 85/100
>- The translation is mostly accurate, but there are some instances of awkward phrasing or word choice. Some sentences may not read as smoothly or clearly as they could in English. Despite these issues, the overall meaning is still conveyed.
Please note that these ratings are subjective and may vary depending on individual preferences and interpretation.
They should and both O̶p̶e̶n̶AI.com and Microsoft were caught by this regulator in the EU.
If this regulator knows what is best, they should definitely fine Microsoft 4% of their global revenues on top of that reckless chat history leakage incident O̶p̶e̶n̶AI.com had.
There is a reason why Google launched Bard in non-EU countries.
I wonder why corporations that don't have a physical presence in other jurisdictions play along. Technically, a country can block services they don't like. It really is their problem if their citizens are choosing to use a foreign service.
Is there a legal reason to play along? Trade agreement violation? Or, is it just a matter of wanting to keep those markets.
Corporations are suffered to exist at the whim of the State. Without corporate recognition, personal liability snaps into sharp relief, and suddenly guys with guns may end up knocking at your door for God knows what. Also, yes. No one wants to lock themselves out of a market over what could be easily remedied through implementation of a compliance program. That's leaving money on the table.
In short, walk with care on the feet of Caesar. For you are small, and once roused to anger, said train has not been known to quickly brake.
https://gdpr.eu/fines/ - 20 million euros or 4% of global turnover, whichever is higher. It's not capped; it's designed to be more harmful to smaller businesses†, but it does scale with business size.
† I mean, that's probably not the exact intention, but that is the effect of a huge monetary cap alongside the proportion of turnover. I also think 4% of turnover is problematic given the old Pinto equation (https://www.spokesman.com/blogs/autos/2008/oct/17/pinto-memo... ); I'd rather a cap set in the region of 150% of global gross profit, but capitalists would never go for that.
HAVING REGARD TO Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the "Regulation");
HAVING REGARD also to the Personal Data Protection Code (Legislative Decree No. 196 of 30 June 2003);
NOTING the numerous interventions by the media regarding the functioning of the ChatGPT service;
DETECTED, from a check carried out in this regard, that no information is provided to users, nor to interested parties whose data was collected by OpenAI, LLC and processed through the ChatGPT service;
NOTING the absence of a suitable legal basis in relation to the collection of personal data and their treatment for the purpose of training the algorithms underlying the functioning of ChatGPT;
NOTING that the processing of personal data of the interested parties is inaccurate as the information provided by ChatGPT does not always correspond to the real data;
DETECTED, moreover, the absence of any verification of the users' age in relation to the ChatGPT service which, according to the terms published by OpenAI LLC, is reserved for individuals who have completed at least 13 years;
CONSIDERING that the absence of filters for minors under the age of 13 exposes them to absolutely unsuitable responses with respect to their degree of development and self-awareness;
CONSIDERING therefore that in the situation outlined above, the processing of personal data of users, including minors, and of interested parties whose data is used by the service is in violation of articles 5, 6, 8, 13 and 25 of the Regulation;
RECOGNIZING, therefore, the need to have, pursuant to art. 58, par. 2, lit. f), of the Regulations - as a matter of urgency and pending the completion of the necessary investigation with respect to what has emerged so far against OpenAI LLC, a US company that develops and manages ChatGPT, the extent of the temporary limitation of the treatment;
CONSIDERING that, in the absence of any mechanism for verifying the age of the users, as well as, in any case, of the complex of violations detected, said temporary limitation must extend to all personal data of the interested parties established in the Italian territory;
CONSIDERED it necessary to order the aforesaid limitation with immediate effect from the date of receipt of this provision, reserving any other determination to the outcome of the definition of the investigation started on the case;
RECALLING that, in the event of non-compliance with the measure established by the Guarantor, the penal sanction pursuant to art. 170 of the Code and the administrative sanctions envisaged by art. 83, par. 5, letter. e), of the Regulation;
CONSIDERING, on the basis of what has been described above, that the prerequisites for the application of art. 5, paragraph 8, of Regulation no. 1/2000 on the organization and functioning of the Guarantor's office, which provides that «In cases of particular urgency and in which the Guarantor cannot be convened in good time, the president can adopt the measures pertaining to the body , which cease to have effect from the moment of their adoption if they are not ratified by the Guarantor in the first useful meeting, to be convened no later than the thirtieth day";
HAVING REGARD to the documentation in the deeds;
ALL THE ABOVE CONSIDERING THE GUARANTOR:
a) pursuant to art. 58, par. 2, lit. f), of the Regulation, urgently provides OpenAI LLC, a US company that develops and manages ChatGPT, as owner of the processing of personal data carried out through this application, the measure of the temporary limitation of the processing of personal data of data subjects established in the Italian territory;
b) the aforesaid limitation has immediate effect from the date of receipt of this provision, subject to any other determination following the outcome of the definition of the investigation started on the case.
The Guarantor, pursuant to art. 58, par. 1, of Regulation (EU) 2016/679, invites the data controller who is the recipient of the provision, also, within 20 days from the date of receipt of the same, to communicate what initiatives have been undertaken in order to implement the provisions and to provide any element deemed useful to justify the violations highlighted above. Please note that failure to respond to the request pursuant to art. 58 is punished with the administrative sanction pursuant to art. 83, par. 5, letter. e), of Regulation (EU) 2016/679.
Pursuant to art. 78 of the Regulation, as well as the articles 152 of the Code and 10 of Legislative Decree lg. 1 September 2011, no. 150, opposition to this provision may be lodged with the ordinary judicial authority, with an appeal lodged with the ordinary court of the place where the data controller has his residence, within the term of thirty days from the date of communication of the provision itself, or sixty days if the appellant resides abroad.
And here is a translation by ChatGPT (GPT-4) together with a diff against what Google Translate provided you: https://www.diffchecker.com/gPop1UpU/ (Google Translate on the left, GPT-4 on the right)
Now we just need a authentic Italian to tell us which version is most accurate :)
Curiously, their flaws balance out to neither being all that better. GPT-4 gets some words right, but changes the formal tone to something more casual, which doesn’t happen with Google’s translation. If it didn’t, it would probably be the better translation.
"RECOGNIZING, therefore, the need to have, pursuant to art. 58, par. 2, lit. f), of the Regulations - as a matter of urgency and pending the completion of the necessary investigation with respect to what has emerged so far against OpenAI LLC, a US company that develops and manages ChatGPT, the extent of the temporary limitation of the treatment;"
I'm Italian. The proper translation is:
"RECOGNIZING, therefore, the need to have the measure to temporarily limit the treatment, pursuant to art. 58, par. 2, lit. f), of the Regulations - as a matter of urgency and pending the completion of the necessary investigation with respect to what has emerged so far against OpenAI LLC, a US company that develops and manages ChatGPT".
Everything else is translated pretty well.
I found Google Translate to be quite poor at translating nowadays, so I'd say GPT wins hands down. A worthy translating tool to me is deepl.com. Here's a diff between DeepL and your previous GPT one: https://www.diffchecker.com/jMgSgidy/
That said, all 3 do a decent job at translating, it's really hard for me to say which got closer (I can say GTranslate sure didnt, but it's not far behind) those kinds of docs employ legalese that's sometimes way removed from colloquial italian (e.g. "ovvero" almost always means "that is" in italian, but always means "or else" in legal documents).
Artificial Intelligence: The Guarantor blocks ChatGPT Illegal collection of personal data. Absence of systems for verifying the age of minors
Stop ChatGPT until it respects the privacy regulation. The Guarantor for the protection of personal data has ordered, with immediate effect, the temporary limitation of the processing of data of Italian users against OpenAI, the US company that developed and manages the platform. At the same time, the Authority opened an investigation.
ChatGPT, the best known of the relational artificial intelligence software capable of simulating and processing human conversations, on March 20 suffered a data loss (data breach) regarding user conversations and information relating to the payment of subscribers to the paid service.
In the provision, the Privacy Guarantor notes the lack of information to users and all interested parties whose data is collected by OpenAI, but above all the absence of a legal basis that justifies the mass collection and storage of personal data, for the purpose of "train" the algorithms underlying the operation of the platform.
As evidenced by the checks carried out, the information provided by ChatGPT does not always correspond to the real data, thus determining an inaccurate processing of personal data.
Lastly, although - according to the terms published by OpenAI - the service is aimed at people over the age of 13, the Authority points out that the absence of any filter for verifying the age of users exposes minors to absolutely unsuitable answers compared to the their degree of development and self-awareness.
OpenAI, which does not have an office in the Union but has designated a representative in the European Economic Area, must communicate within 20 days the measures undertaken in implementation of what is requested by the Guarantor, under penalty of a fine of up to 20 million euros or up to 4% of the annual global turnover.
Rome, 31 March 2023