bbieron@platformeconomyinsights.com

Italian Court Scraps 2024 Fine Levied Against OpenAI for GDPR Violations

Apr 4, 2026

Report from Reuters

In Brief – A Rome court has cancelled the 15 million euro fine imposed on OpenAI by Italy’s data protection authority for violations of the GDPR in the development and operation of ChatGPT. The fine was issued in December 2024 over the alleged unlawful use of personal data by the market-leading generative AI application. The court has not released its full ruling and the national data protection authority, known as Garante, declined to comment. OpenAI reacted to the ruling saying, “We welcome the decision by the Court ⁠of Rome. We’ve always been committed to respecting user privacy and ⁠look forward to helping more Italian people, businesses and society benefit from AI.”

Context – When ChatGPT burst onto the stage in late 2022 it upended AI expectations, discourse, and public policy. The Garante made a big splash in early 2023 by banning the chatbot in Italy for failing to conform with the EU’s landmark data protection law. The regulator questioned how OpenAI collected data to train its models, the implications of hallucinations about individuals, the inability to keep children off the app, and how the company handled user personal information. OpenAI eventually reached an agreement with Garante to age-check users and clarify how it collected and handled user data inputted into ChatGPT by Italians via signup and queries. In the years since, the EU has enacted the AI Act to regulate all AI applications, including chatbots and foundation models. One of the growing European “digital sovereignty” concerns is the need to keep pace with the AI industries in the US and China. In response, the EU Commission has come forward with an “AI Continent Action Plan” and several initiatives to promote AI development and use. Critics of the bloc’s regulatory and tax environment argue it slows investment and development, charging that the AI Act is the world’s most aggressive AI regulatory regime and that regulatory overlaps involving other EU digital regimes, including the GDPR and DMA, also continue to crop up and create further regulatory uncertainty.

View By Monthly
Latest Blog
German Court Rules That Google Is Responsible for AI Overview Errors

Report from The Decoder In Brief – The German Regional Court of Munich has ruled that Google is directly liable for false statements produced by its AI Overviews feature. The case involves two plaintiffs who alleged that Google’s AI summaries wrongly linked their...

Florida Sues OpenAI for Creating Chatbot That Endangers Children

Report from the Washington Post In Brief – The State of Florida has filed a civil lawsuit against OpenAI and its CEO Sam Altman, alleging that ChatGPT was developed and marketed in ways that endanger children while prioritizing profit. The lawsuit...

European Commission Releases Long-Awaited Tech Sovereignty Plan

Report from the New York Times In Brief – The European Commission announced its technology sovereignty strategy to reduce dependence on foreign providers and strengthen Europe’s economic and geopolitical resilience. The initiative focuses on technology products and...

The European Commission Issues Temu a Digital Services Act Fine

Report from the New York Times In Brief – The European Union has fined the Chinese e-commerce platform Temu €200 million ($232 million) for violating the Digital Services Act (DSA) by failing to adequately identify and prevent the sale of illegal products on its...

Platform Economy Insights produces a short email four times a week that reviews two top stories with concise analysis. It is the best way to keep on top of the news you should know. Sign up for this free email here.

* indicates required