意大利数据保护监管机构指责ChatGPT侵犯隐私

Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region.

意大利的数据保护机构（DPA）已通知ChatGPT制造商OpenAI据称违反了该地区的隐私法。

"The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR [General Data Protection Regulation]," the Garante per la protezione dei dati personali (aka the Garante) said in a statement on Monday.

“可用的证据指向存在违反欧盟GDPR（通用数据保护条例）规定的行为，”Garante per la protezione dei dati personali（也称为Garante）在周一的一份声明中表示。

It also said it will "take account of the work in progress within the ad-hoc task force set up by the European Data Protection Framework (EDPB) in its final determination on the case."

它还表示将“考虑欧洲数据保护框架（EDPB）设立的特设工作组正在进行的工作，以决定最终的裁决。”

The development comes nearly 10 months after the watchdog imposed a temporary ban on ChatGPT in the country, weeks after which OpenAI announced a number of privacy controls, including an opt-out form to remove one's personal data from being processed by the large language model (LLM). Access to the tool was subsequently reinstated in late April 2023.

这一发展发生在监管机构在该国对ChatGPT实施临时禁令近10个月后，之后OpenAI宣布了一系列隐私控制措施，包括一个用于移除个人数据并停止其被大型语言模型（LLM）处理的选择退出表单。该工具于2023年4月下旬恢复访问。

The Italian DPA said the latest findings, which have not been publicly disclosed, are the result of a multi-month investigation that was initiated at the same time. OpenAI has been given 30 days to respond to the allegations.

意大利DPA表示，最新的调查结果尚未公开披露，这是一项历时数月的调查的结果，该调查同时启动。OpenAI被要求在30天内回应这些指控。

BBC reported that the transgressions are related to collecting personal data and age protections. OpenAI, in its help page, says that "ChatGPT is not meant for children under 13, and we require that children ages 13 to 18 obtain parental consent before using ChatGPT."

BBC报道称，这些违规行为涉及收集个人数据和年龄保护。在其帮助页面上，OpenAI表示“ChatGPT并不适用于13岁以下的儿童，我们要求13至18岁的儿童在使用ChatGPT之前获得父母的同意。”

But there are also concerns that sensitive information could be exposed as well as younger users may be exposed to inappropriate content generated by the chatbot.

但也有人担心可能会泄露敏感信息，并且年轻用户可能会接触到聊天机器人生成的不适当内容。

Indeed, Ars Technica reported this week that ChatGPT is leaking private conversations that include login credentials and other personal details of unrelated users who are said to be employees of a pharmacy prescription drug portal.

事实上，Ars Technica本周报道称，ChatGPT正在泄露包括登录凭据和其他个人细节在内的私人对话，这些对话据说来自一家药品处方门户网站的员工。

Then in September 2023, Google's Bard chatbot was found to have a bug in the sharing feature that allowed private chats to be indexed by Google search, inadvertently exposing sensitive information that may have been shared in the conversations.

然后在2023年9月，Google的Bard聊天机器人被发现在共享功能中存在漏洞，导致私人聊天被Google搜索索引，无意中暴露可能在对话中共享的敏感信息。

Generative artificial intelligence tools like ChatGPT, Bard, and Anthropic Claude rely on being fed large amounts of data from multiple sources on the internet.

ChatGPT、Bard和Anthropic Claude等生成式人工智能工具依赖于从互联网多个来源获取大量数据。

In a statement shared with TechCrunch, OpenAI said its "practices align with GDPR and other privacy laws, and we take additional steps to protect people's data and privacy."

OpenAI在与TechCrunch分享的声明中表示，其“实践符合GDPR和其他隐私法律，并采取额外步骤保护人们的数据和隐私。”

Apple Warns Against Proposed U.K. Law
苹果警告反对提议的英国法律

The development comes as Apple said it's "deeply concerned" about proposed amendments to the U.K. Investigatory Powers Act (IPA) could give the government unprecedented power to "secretly veto" privacy and security updates to its products and services.

这一发展出现在苹果表示对英国调查权法案（IPA）的修正案“深感关切”，该修正案可能赋予政府对其产品和服务的隐私和安全更新进行“秘密否决”的前所未有的权力。

"It's an unprecedented overreach by the government and, if enacted, the U.K. could attempt to secretly veto new user protections globally preventing us from ever offering them to customers," the tech giant told BBC.

“这是政府的前所未有的过度干涉，如果实施，英国可能试图秘密否决全球新的用户保护措施，以防止我们向客户提供这些措施，”这家科技巨头告诉BBC。

The U.K. Home Office said adopting secure communications technologies, including end-to-end encryption, cannot come at the cost of public safety as well as protecting the nation from child sexual abusers and terrorists.

英国内政部表示，采用包括端到端加密在内的安全通信技术，不能以公众安全以及保护免受儿童性虐待者和恐怖分子侵害的国家为代价。

The changes are aimed at improving the intelligence services' ability to "respond with greater agility and speed to existing and emerging threats to national security."

这些改变旨在提高情报机构对“现有和新出现的国家安全威胁”做出“更敏捷和迅速的反应能力。”

Specifically, they require technology companies that field government data requests to notify the U.K. government of any technical changes that could affect their "existing lawful access capabilities."

具体而言，它们要求技术公司在接受政府数据请求时，通知英国政府任何可能影响其“现有合法访问能力”的技术变更。

"A key driver for this amendment is to give operational partners time to understand the change and adapt their investigative techniques where necessary, which may in some circumstances be all that is required to maintain lawful access," the government notes in a fact sheet, adding "it does not provide powers for the Secretary of State to approve or refuse technical changes."

政府在一份事实说明中指出，“这一修正案的一个关键动因是为了给运营伙伴时间了解变化，并根据需要调整其调查技术，这在某些情况下可能是维持合法访问所需的全部。”

Apple, in July 2023, said it would rather stop offering iMessage and FaceTime services in the U.K. than compromise on users' privacy and security.

苹果在2023年7月表示，宁愿停止在英国提供iMessage和FaceTime服务，也不愿在用户的隐私和安全方面妥协。

原文始发于微信公众号（知机安全）：意大利数据保护监管机构指责ChatGPT侵犯隐私