Italy’s data protection agency, the Italian Data Protection Authority (IDPA), has fined OpenAI 15 million euros ($15.7 million) and ordered the company to launch a six-month public awareness campaign following an investigation into its flagship artificial intelligence model, ChatGPT. The IDPA stated that OpenAI failed to notify the agency about a data breach in March 2023. The agency also found that OpenAI processed users’ personal data to train Chatbot without a proper legal basis, violating transparency principles and user information obligations. The investigation further revealed that OpenAI lacked adequate age verification mechanisms, potentially exposing minors under 13 to inappropriate content. As part of the corrective measures, the IDPA has mandated OpenAI to conduct a public awareness campaign across various media outlets, promoting understanding of ChatGPT’s data collection and user rights under the General Data Protection Regulation (GDPR). After the campaign, users should be aware of how to oppose the training of generative AI with their data and exercise their rights under the GDPR. OpenAI’s cooperation during the investigation led to a reduction in the size of the fine. The company has relocated its European headquarters to Ireland, and the Irish Data Protection Authority (DPC) will continue any ongoing investigations as the lead supervisory authority. The IDPA initiated the investigation in March 2023 and considered the European Data Protection Board’s opinion on using personal data for AI model development and deployment. Italy temporarily blocked ChatGPT in March 2023 due to privacy concerns, but the ban was lifted after OpenAI met transparency measures. OpenAI has not yet responded to requests for comment.