The personal data protection guarantor could slap the American company with a 20-million-euro fine.

The Italian data protection authority, Garanti, ordered the blocking of the ChatGPT, an AI bot, in Italy at the end of March, on the grounds that it violates the General Data Protection Regulation (GDPR), the main document of the European Union that governs the relationship between IT companies and European users. 

OpenAI, the San Francisco-based developer of the bot, was ordered to stop processing information about users in the EU and has 20 days (until April 20) to delete the data already collected, to table a plan for data protection, and to restrict minors’ access to the technology.

Otherwise, Garanti warns, the authorities will open an investigation and the American company, if found guilty, could be liable for a fine of 4% of its annual turnover or 20 million euros.

It is worth noting that OpenAI does not have an official representation in the EU and, in accordance with GDPR, any competent authority in the field - from any EU state - is entitled to intervene to demand accountability from OpenAI.

The action initiated by Garanti comes just days after over 1,000 researchers, entrepreneurs, investors, and ordinary citizens signed a petition addressed to developers of artificial intelligence programs to introduce a six-month moratorium in this field, in order to give time to governments to come forward with an ethical code for all parties involved in the development of autonomous software.

Multiple journalistic analyses show that AI bots that communicate with people on their own often offer false or manipulative information. Companies such as Google, Microsoft, Amazon, and OpenAI have been particularly targeted.

It is not yet clear what action OpenAI will take in response to the Italian authorities' move.