The Italian Data Protection Authority (DPA) has fined OpenAI €15 million for violating personal data processing regulations.
In March 2023, a data breach occurred, which the company failed to report. The investigation also revealed that OpenAI processed user data to train its AI models in violation of transparency principles and related informational obligations.
Additionally, the DPA highlighted the lack of age verification mechanisms, allowing children under 13 to access responses that may be inappropriate for their level of development.
The regulator has mandated OpenAI to conduct a large-scale public awareness campaign via media and the internet to explain how generative AI works and how users can protect their data. This campaign must be completed within six months.
The fine was reduced due to OpenAI’s cooperation during the investigation.
