In this latest PrivacyEspresso episode, we discuss with Luca Egitto, Partner at RPLT, the recent €15 million fine issued by the Italian Data Protection Authority (DPA) against OpenAI. This case raises fundamental questions about GDPR’s reach, legal bases for AI training data, age verification, and the accuracy of AI-generated outputs.
What happened :
– The Italian DPA found OpenAI in violation of GDPR, citing a lack of legal basis for processing personal data, inadequate privacy disclosures, weak age verification measures, and concerns over inaccurate AI-generated information.
– The decision reinforces GDPR’s global applicability, even for companies based outside the EU, as OpenAI argued it wasn’t initially prepared to comply with worldwide regulations.
But that’s not all, there’s a new player in the AI regulatory spotlight. The Italian DPA has now turned its attention to DeepSeek, raising concerns about the accuracy of its outputs and potential risks to personal data. This case could mark a new phase in regulatory oversight of AI models developed outside the US and EU.
What does this mean for businesses :
AI companies must take proactive steps to ensure GDPR compliance from the outset, particularly in legal basis determination, transparency, and safeguarding personal data accuracy. With regulators moving swiftly, as seen in the DeepSeek case, AI developers must be prepared for immediate scrutiny upon launch.
Don’t miss this insightful discussion with Luca Egitto as we unpack the implications of these cases and what’s next for AI regulation.
Listen to the full episode now : https://bit.ly/3EjVwkz