The Italian Data Protection Authority has embarked on a “fact-finding” investigation to assess the security practices of both public and private websites to counter the growing issue of AI data scraping. This initiative comes as a response to concerns regarding gathering data for training artificial intelligence (AI) algorithms and the potential privacy infringements associated with it.
Preventing web scraping of personal data
The investigation’s primary goal is to examine the adoption of appropriate security measures on public and private websites to thwart the practice of “web scraping” personal data for AI training purposes. Third-party “spiders” employed by AI algorithm manufacturers to collect data from these websites are of particular concern.
The Italian Data Protection Authority’s scope extends to all public or private entities operating as data controllers in Italy or providing services within the country that make personal data freely accessible online. While specific companies were not named, the regulator acknowledged that various AI platforms use web scraping to amass significant quantities of personal data. Following the investigation, the authority intends to take any necessary measures, including urgent actions.
Global impact of AI data scraping
Stakeholder involvement in the investigation
Italian regulators have invited experts in the AI industry, academics, and other stakeholders to participate actively in this process. They are encouraged to share their insights and comments within a 60-day window, contributing to a more comprehensive understanding of the challenges posed by AI data scraping.
Italy’s vigilance on AI and privacy
The Italian privacy watchdog has been proactive in addressing AI-related concerns. In March 2023, it banned the operation of the popular AI chatbot ChatGPT in Italy due to privacy breaches. Moreover, in May, Italy established a designated fund with millions of euros allocated to support workers at risk of job displacement due to AI adoption.
European collaboration on AI regulation
In recent developments, Italy, France, and Germany entered into an agreement on future AI regulation. This agreement, outlined in a joint paper seen by Reuters, is expected to facilitate similar negotiations at the European Union level. The three countries are advocating for voluntary commitments for both large and small AI providers within the European Union, aiming to establish a framework that ensures responsible AI development and deployment.
As the Italian Data Protection Authority delves into its “fact-finding” probe and seeks broader collaboration on AI regulation, it underscores the increasing global attention and efforts to address the complex challenges posed by AI data scraping and privacy infringements in the digital age.