Italy’s Data Protection Agency Bolsters Scrutiny of AI Systems and Initiates Wide-Scope Review of Generative and Machine Learning Applications

Italy’s data protection agency, the Garante, has recently made headlines by indicating its plans to intensify scrutiny of AI systems operating within the country. This decision comes on the heels of a temporary ban imposed on ChatGPT, a Microsoft-backed AI platform, which was subsequently required to make changes in order to comply with privacy regulations. The Garante, leveraging the provisions of the General Data Protection Regulation (GDPR), launched a probe into suspected privacy breaches, prompting OpenAI, the developer of ChatGPT, to implement the necessary modifications to ensure regulatory compliance.

According to Agostino Ghiglia, a board member of the Garante, the agency’s upcoming endeavors will include conducting a comprehensive and wide-scope review of generative and machine learning AI applications. The aim of this review is to thoroughly examine whether these emerging technologies adequately address concerns pertaining to data protection and compliance with privacy laws. Ghiglia further emphasized that the Garante is fully prepared to initiate probes if any issues or non-compliance are discovered during the review process.

Recognizing the need to expand its expertise in the field of AI, the Garante has embarked on the recruitment process to hire three AI advisers. Traditionally, the agency has predominantly employed individuals with a legal background. However, as the threats posed by rapidly-evolving technology become more complex, the Garante aims to adopt a multidisciplinary approach by incorporating professionals with specialized knowledge in AI. This strategic move allows the agency to effectively navigate the challenges arising from AI while leveraging a solid legal framework.

During the examination of ChatGPT, the Garante concentrated its efforts on addressing potential privacy law violations. It deemed this approach necessary since alternative routes, such as enacting new legislation specifically tailored to regulate AI, could take several years to materialize. By promptly addressing privacy concerns using existing legislation, the Garante demonstrated its commitment to safeguarding the privacy rights of individuals in the face of evolving AI technologies.

Italy’s proactive stance on AI regulation sets an example for other countries. In response to the growing impact of generative AI, several nations, including the United States and the United Kingdom, have initiated their own processes to evaluate the implications of this technology. As the international community grapples with the challenges and potential risks posed by AI, Italy’s Garante has emerged as a frontrunner in ensuring robust data protection and privacy compliance in the realm of AI systems and applications.