What was the OpenAI GDPR fine about?
Category:LLM Privacy & Compliance
Quick Answer
In December 2024, Italy fined OpenAI €15 million — first GenAI GDPR fine. Violations: no legal basis for training on user data, lack of transparency, no age verification for minors, failed to report March 2023 breach, inadequate data protection. OpenAI is appealing.
Detailed Answer
In December 2024, Italys Garante fined OpenAI €15 million — the first GenAI-related GDPR fine.
The violations:
| Violation | GDPR Article |
|---|---|
| No legal basis for processing user data for training | Art. 6 |
| Lack of transparency about data collection | Art. 5(1)(a), 12, 13 |
| No age verification for minors under 13 | Art. 25 |
| Failed to report March 2023 data breach | Art. 33 |
| Inadequate data protection measures | Art. 24, 25, 32 |
Additionally: OpenAI must run a 6-month public awareness campaign in Italian media.
OpenAI called it disproportionate (the fine was 20x their Italian revenue) and is appealing.
Comments
Loading comments...