ChatGPT Block in Italy:
Here are 10 points that aren’t clear to everyone:
1) The Italian Data Protection Authority DID NOT BLOCK access to ChatGPT. They “blocked” data processing. In essence, they had 20 days to clarify, and even in the case of no response, there would have been other procedures before EVENTUALLY leading to an access block.
2) ChatGPT is now inaccessible in Italy because they decided to “switch it off” in the country. No one ordered them to do so.
3) If ChatGPT chose to “switch off” access in Italy instead of providing clarification to the Authority, it leads one to suspect that they might not have been handling data in compliance with the law. They could have kept the service open and explained to the Authority that they were indeed following the law. Instead, they shut it down… We’ll see what their response will be.
4) When the Authority refers to personal data processing, they’re not talking about emails and passwords entered by users, but mainly about data collected from the web without complying with the law. The issue is enormous, on a global scale.
5) Another concern raised by the Authority is that the collected data is reprocessed without protecting individuals. For example, anyone could see their name associated with defamatory content, with no control or possibility to correct the error. There have been cases where innocent individuals were described as criminals. If that happened to me, I wouldn’t be pleased. Imagine if your underage child’s name was associated with terrible things when searched for or mentioned in a chat worldwide…
6) The perception of the value of privacy seems to be at an all-time low, and people often underestimate the problem as it is abstract and seemingly only a source of issues for users. The Authority protects even those who don’t understand what they’re protecting and why. That’s the beauty of institutions and civilisation.
7) The point isn’t “oh, I can just use a VPN and solve the problem”. That would be like saying, “The law prohibits selling alcohol to my 5-year-old child? Who cares, I’m clever and I’ll buy it for them, so I outsmart them!”. You’re not outsmarting them; you’re fooling yourself (and your child).
8) There’s a lack of understanding of what the Authority actually does. Many don’t know that they have no direct power over the “Do Not Call” Registry. So, the fact that it doesn’t work and many can’t get off the list of unwanted calls has nothing to do with the Authority’s powers.
9) The issue isn’t about “the backwardness of the country, anti-technology”. On the contrary, Italy has always been ahead in privacy matters, and this decision demonstrates that the country understood the complexity of the problem before other nations and acted proactively. I wouldn’t be surprised if other countries started making similar requests to ChatGPT and saw them shut down in those countries too.
10) I’ll close with a personal observation: do we want to design innovation safely or not? Privacy should be “by design”, as they say. It must be part of the product. Just as safety is in a car today. When designing a car, they think about safety. They don’t create a vehicle with everything else in mind and then add cushions around it at the end to address the fact that it wasn’t designed to protect passengers’ lives. This also applies to other issues not directly related to this decision but should be equally important. For example, ethics by design, algorithm and data transparency in generating responses, copyright issues, and many other topics that sometimes escape non-experts but should be addressed by institutions and authorities responsible for protecting citizens.