Our remarks • The swift and comprehensive action from the Italian • On a GDPR note, one should always remember to DPA shows great regulatory attention in the field of enter into a data processing agreement and carry AI powered platforms such as ChatGPT. out a risk assessment before using services like • Besides the Italian DPA, supervisory authorities in ChatGPT, if personal data is shared with the AI. both France, Germany, Ireland, Canada and South • If a data controller processes personal data using Korea have initiated investigations into OpenAI’s AI, it is important to assess whether the processing practices. falls within the scope of Article 22 of the GDPR, • Additionally, the EDPB has launched a dedicated regarding “Automated individual decision-making, taskforce to “foster cooperation and to exchange including profiling”. This article provides the data information on possible enforcement actions subject the right not to be subject to decisions conducted by data protection authorities”. “based solely on automated processing, including profiling, which produces legal effects”. • With the widespread commercial success of • Regarding the obligation to inform about Artificial Intelligence powered platforms, and processing personal data in AI, please refer to the the ongoing warnings from academics and case “Italian Deliveroo was fined €2.5 million for not professionals, the regulatory framework of informing about the automated processing”. platforms such as ChatGPT are highly disputed. • The ongoing controversy surrounding the platform also illustrates the need for a comprehensive legal framework for artificial intelligence in general. It remains to be seen if the upcoming EU AI Act will claim that role. 141