Iubenda logo
Start generating


Table of Contents

The Italian Garante has blocked ChatGPT: what we know so far

On Friday, March 30, 2023, the Italian Data Protection Authority (Garante Privacy) ordered OpenAI, the organization that owns ChatGPT, to temporarily suspend the processing of data of Italian users.

The decision comes in the aftermath of a data breach that affected ChatGPT and led to the disclosure of payment details and conversations of 1.2% of ChatGPT Plus users.


ChatGPT is accessible again in Italy. After a meeting with the Garante Privacy, OpenAI has introduced new data protection measures, as required by the Italian authority.

In particular, OpenAI has published a notice, dedicated to all users and non-users, in which it explains which personal data are processed for algorithm training and in what manner. European users are also given the right to object to the processing of their personal data. Regarding the minimum age requirement, OpenAI has included the requirement to confirm the date of birth on the service sign-up page, and provided a block on registration for users under thirteen years of age.

You can access the official press release here.


Why did the Garante block ChatGPT?

Underlying the Garante’s measure are four main reasons:

  • OpenAI does not provide a privacy policy to users, nor to data subjects whose data is collected by OpenAI and processed through the ChatGPT service.
  • OpenAI does not specify any legal basis in relation to the collection of personal data and its processing for the purpose of training the algorithms that serve the operation of ChatGPT.
  • The processing of personal information of data subjects is inaccurate because the information provided by ChatGPT does not always match the actual data.
  • There is a lack of a process for verifying the age of users in relation to the ChatGPT service, which, according to the terms published by OpenAI, is restricted to individuals who are at least 13 years old. The absence of such a process exposes minors to “totally unsuitable responses” for their age.

In light of this, the processing of personal data of users, including minors, and data subjects whose data is used by the service is in violation of the GDPR.

In an interview, Guido Scorza – one of the members of the Italian Garante – said that the Authority’s concern is mainly about the processing of data that is used to “train the algorithm.” The measure is therefore a precautionary measure and will kick off a more in-depth investigation. The Garante has given OpenAI twenty days to communicate the measures taken to implement what was requested, or the organization risks a penalty of up to 20 million euros or up to 4% of annual global turnover.

What was OpenAI response?

As a consequence, OpenAI decided to suspend the ChatGPT service for all users accessing from Italy and to refund all Italian users who purchased a ChatGPT Plus subscription.

chatgpt down in Italy

So far, no other statements have been released by the American organization. The only statement is from Sam Altman, CEO of OpenAI, who announced on Twitter the decision to suspend ChatGPT for Italy:

The Garante’s measure could also lead other European Data Protection Authorities to make the same decision, as happened with Google Analytics.

Our take

iubenda’s CEO, Andrea Giannangelo, also shared his views on the matter. In an interview with the Italian newspaper La Repubblica, he said:

It amazes me that the message going out is that enforcing the European data legislation, the GDPR, is not needed. The whole world is going in the European direction, and having rules is the only way to make big companies respect users’ rights.

Want to know how OpenAI could have avoided the Garante’s measure?

Check here 👉 5 things you need to do now to comply with GDPR

About us


Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.