The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

ChatGPT banned in Italy

Just two days after an open letter urged a halt on the development of generative AI models, Italy's data protection authority stepped in, ordering OpenAI to cease processing user data locally. The Italian DPA is concerned that ChatGPT, the popular AI-powered chatbot by OpenAI, may be violating the GDPR and has launched an investigation.

There are several GDPR-related issues at hand, including potential unlawful processing of personal data, inadequate protections for minors, and data breaches such as the one OpenAI admitted to earlier this month. Furthermore, questions arise over the legal basis for processing Europeans' data and whether the company has informed users whose data was used to train its commercial AI models.

While the Italian DPA's intervention may prompt other EU authorities to follow suit, the future remains uncertain for AI companies like OpenAI. If found to be processing data unlawfully, they could face substantial penalties, including fines up to 4% of annual turnover or €20 million, and be forced to delete user data.

This situation serves as a timely reminder for data privacy professionals that cutting-edge AI technology is not immune to existing regulations. It underscores the importance of ensuring compliance, particularly in the context of data minimization, transparency, and fairness.

It’s worth keeping a close eye on these developments and considering the implications for AI and machine learning systems. The enforcement of retraining models or even the possibility that technologies like ChatGPT have broken data protection law highlights the need for greater collaboration between AI developers, regulators, and privacy experts.

We should also recognize that the current legal frameworks may not adequately address the unique challenges posed by AI technologies. It is crucial for us to advocate for the development of more comprehensive regulations and guidelines that balance the benefits of AI with the protection of individual privacy rights.

The future of AI and data privacy continues to unfold before our eyes.

Weaponise data privacy as a competitive advantage

In an era of increased data breaches and tighter data protection laws, data privacy has become a prominent concern for organizations worldwide. An article in Computer Weekly highlights Gartner's perspective on how organizations can turn data privacy into a competitive advantage and build a privacy program that aligns with business goals, rather than merely focusing on regulatory compliance.

According to Richard Addiscott, senior director analyst at Gartner, modern data privacy regulations will cover consumer data by 2024, but less than 10% of organizations would have successfully weaponized privacy as a competitive advantage. Lisa Neubauer, advisor in Gartner's security and risk management practice, emphasizes that organizations with robust privacy programs can avoid fines, data breaches, and reputational damage while using data more broadly, differentiating from competitors, and building trust with customers, business partners, investors, regulators, and the public.

To truly weaponize privacy, organizations need to develop the right metrics for measuring and reporting the effectiveness of their privacy programs. Trust is now a critical component of brand identity, as demonstrated by Apple, which has been marketing its privacy practices despite many of these practices being driven by regulatory compliance.

Organizations must also consider their customers' perspectives on privacy, ensuring that their privacy program aligns with business targets and key performance indicators. Neubauer suggests that by making privacy a key part of the customer value proposition, privacy can become a conviction-based motivator for buyers, much like consumers choose organic or cruelty-free products.

In conclusion, says the piece, privacy professionals should focus not only on compliance but also on leveraging data privacy as a competitive advantage. By understanding and incorporating customers' privacy preferences and building a strong privacy program, organizations can transform the perception of data privacy from a regulatory burden to a valuable differentiator in the market.

Other data privacy news

China urges Apple to strengthen data security

China has urged Apple (AAPL.O) to strengthen its data security and personal privacy protection, the country's state planner said in a statement on Tuesday.

Silence gets you nowhere in a data breach

Your victim status won’t last long if your response is nonexistent

World Backup Day: How to have a data protection strategy

A good data protection strategy is one that allows data to be backed up in a manner that not only protects it but also ensures the ability to rapidly recover

Post of the week