An Italian watchdog has found that the artificial intelligence-powered chatbot, ChatGPT, developed by OpenAI, has breached data protection rules. The inquiry by Italy’s Data Protection Authority (DPA) discovered violations related to the collection of personal data and age protections. ChatGPT relies on large amounts of data from the internet to function. OpenAI stated that it believed its practices were in line with privacy laws and that it actively worked to reduce personal data in training its systems. Italy was the first Western country to block ChatGPT in March 2023 due to privacy concerns but reinstated it after OpenAI addressed the issues raised by the DPA. The DPA has now concluded that there are data privacy violations, specifically related to mass collection of user data for training the algorithm. The regulator is also concerned about inappropriate content being generated by the chatbot for younger users. Under the EU’s GDPR law, companies that violate data protection rules can be fined up to 4% of their global turnover. Italy’s DPA works with the European Data Protection Board, which established a task force to monitor ChatGPT. The DPA called for more compliance from OpenAI, including implementing an age verification system and conducting an information campaign to inform Italians of their rights regarding their personal data. OpenAI, which has close ties to Microsoft, stated that it would continue discussions with the regulator.