By Elvira Pollina and Supantha Mukherjee
MILAN/STOCKHOLM (Reuters) – Italy’s data protection authority Garante plans to review other artificial intelligence platforms and hire AI experts, a top official said, as it ramps up scrutiny of the powerful technology after temporarily banning ChatGPT in March.
Garante is among the most proactive of the 31 national data protection authorities which oversee Europe’s data privacy regime known as the General Data Protection Regulation (GDPR).
The agency was the first to ban AI chatbot company Replika, to impose fines on facial recognition software maker Clearview AI, and to restrict TikTok in Europe.
In March, it temporarily banned Microsoft Corp-backed OpenAI’s bot ChatGPT and launched a probe over the application’s suspected breach of privacy rules.
“We plan to kick off a wide-scope review of generative and machine learning AI applications which are available online because we want to understand if these new tools are addressing issues linked to data protection and privacy laws compliance – and we will start new probes, if needed,” said Agostino Ghiglia, a member of Garante’s board.
The success of ChatGPT has prompted tech heavyweights from Alphabet to Meta to promote their own versions, and lawmakers and governments around the world are debating new laws that could take years to be enforced.
“We are looking for three AI advisers because we are aware AI tools are evolving very quickly and we need experts with tech background to help us in our data protection activity,” Ghiglia said.
The move is the latest example of how some regulators are relying on existing laws to control a technology that could upend the way societies and businesses operate.
The four-member Garante board is made up of law experts. Ghiglia said the authority has 144 staff, well below its European peers in France, Spain and Britain. Most have a background in law, Ghiglia said.
In its crackdown on ChaTGPT, Garante used provisions of GDPR, particularly those that protect underage children and grant individuals the right to request cancellation and object to the use of their personal data.
After Garante took steps, ChatGPT maker OpenAI made changes to its chatbot to regain compliance.
“Members of the Garante board often become aware of potential breaches of privacy laws because we simply explore digital tools and applications once they are available,” Ghiglia said.
“We explored ChatGPT and realised it was not compliant with EU data privacy rules.”
It will take years for potential new legislation regulating AI to come into force.
“That’s why we decided to act swiftly with ChatGPT”, Ghiglia said.
(Reporting by Elvira Pollina in Milan and Supantha Mukherjee in Stockholm; Editing by Bernadette Baum)