Tag: GDPR

  • DeepSeek App Pulled from Italian Stores Due to Privacy Issues

    DeepSeek App Pulled from Italian Stores Due to Privacy Issues

    DeepSeek, a startup from China focusing on artificial intelligence, has recently faced significant regulatory challenges in Italy. Its app has unexpectedly disappeared from both Apple’s App Store and Google Play. This action comes after Italy’s data protection authority, Garante, initiated a formal investigation into how DeepSeek manages and gathers user data. Concerns surrounding data privacy and safety have put the AI firm under a microscope, mirroring similar worries expressed in the United States and Australia.

    Italian Authority Demands Clarity on Data Usage

    Italy’s privacy regulator has granted DeepSeek and its associated companies a 20-day period to reveal essential information related to their data handling practices. Authorities are requesting specifics about the types of personal data collected, how it is sourced, its intended use, and whether the information is stored on servers located in China. Additionally, they have inquired about how DeepSeek communicates data processing practices to both registered and unregistered users, especially when information is sourced via web scraping techniques.

    Privacy Issues Amid Rapid Success

    Concerns regarding privacy have escalated following DeepSeek’s rapid ascent. The launch of its AI assistant, which rivals OpenAI’s ChatGPT, saw the app quickly rise to the top of download lists across various nations, causing unease among competitors in the US tech sector. Concurrently, US officials are evaluating possible national security threats linked to the widespread use of a Chinese AI model, with the US Navy specifically cautioning its personnel against using DeepSeek.

    Data Transparency Under Fire

    Transparency in how data is managed remains a critical point of contention. According to the company’s privacy policy, user data is kept on secure servers in China and might be shared with affiliated organizations and service providers. Despite this, Euroconsumers—a group of European consumer advocates—has raised concerns regarding the sufficiency of these notifications and questioned DeepSeek’s compliance with the European Union’s General Data Protection Regulation (GDPR).

    Italy’s examination of DeepSeek is not a new development. Earlier in 2023, the country temporarily prohibited ChatGPT due to worries about user data protection. In response to these issues, OpenAI made several adjustments to its platform, including enhanced transparency about data processing, providing users with opt-out choices, and instituting age verification measures aimed at protecting children under 13. These modifications ultimately led to the reinstatement of the chatbot.

    Future Implications for DeepSeek

    As DeepSeek continues to expand its presence worldwide, the regulatory hurdles it faces are intensifying. The company is required to provide answers to the Italian regulator by February 17, a deadline that could significantly impact its future operations in the European market. Should authorities determine that privacy laws have been violated, DeepSeek may encounter severe penalties or operational restrictions, potentially setting a precedent for the examination of AI products created outside Western jurisdictions.

  • OpenAI Fined €15 Million by Italy’s Data Protection Authority

    OpenAI Fined €15 Million by Italy’s Data Protection Authority

    The Italian Data Protection Authority has revealed that it has imposed a €15 million fine on OpenAI for multiple breaches of the EU’s GDPR regulations. The agency claims that the creator of ChatGPT collected personal data without a lawful reason and also failed to report a security breach that occurred in March 2023.

    Concerns About Child Safety

    Additionally, the agency pointed out that OpenAI lacked proper “mechanisms for age verification,” which could lead to children under 13 being exposed to responses that are not suitable for their level of maturity and understanding. This raises serious concerns about the safety of young users interacting with the platform.

    Required Actions by OpenAI

    The authority has mandated that OpenAI establishes a “six-month institutional communication campaign across radio, television, newspapers, and the Internet.” This campaign aims to enhance public knowledge and awareness regarding how ChatGPT operates, as well as how it collects and manages user data.

    In a response shared with Euro News, OpenAI described the ruling as “disproportionate” and expressed its intention to challenge the decision. The spokesperson mentioned that the penalty was “almost 20 times” the revenue generated by the company in Italy for the year.

    Source: Link

  • Terms Update Allows X to Sell User Data to Third Parties

    Terms Update Allows X to Sell User Data to Third Parties

    The social media site X, which used to be called Twitter, has updated its general terms and conditions (T&Cs). Now, these terms permit the sharing of customer data with third parties. This allows X to sell user data to various companies, which can then utilize it for their own needs, like training their artificial intelligence systems.

    Changes Coming Soon

    These alterations to the T&Cs will take effect on November 15, 2024, and will automatically apply to all users. The new privacy policy mentions:

    “If you do not opt out, recipients of the information may in some cases use it for their own independent purposes, including, for example, to train their artificial intelligence models, in addition to the purposes specified in X’s Privacy Policy.”

    Criticism and Concerns

    X has faced backlash for its management of user data for a while now. In 2023, the firm, owned by Elon Musk of Tesla and SpaceX fame, was criticized by the EU Commission for breaching the General Data Protection Regulation (GDPR) and the Digital Services Act (DSA). This incident involved unlawful micro-targeting in political ads. The recent modifications to the terms and conditions are expected to intensify discussions about user data protection.

    Users can choose to object to their data being shared. However, this requires them to take action, which means they must be aware that their data is being shared in the first place. Even though there are still a few days until October 15, X has yet to disclose where users can find the opt-out option.

    New Measures Against Data Collectors

    Alongside the updates to the data protection policy, X is also putting stricter rules in place against external data harvesters. The new T&Cs will impose hefty fines for those using automated tools to gather large amounts of data from the platform. If an account is found to be viewing 1 million posts in a 24-hour period, it will incur a fine of $15,000, with the same penalty applying for each additional million posts viewed.