OpenAI – €15,000,000 Fine (Italy, 2024)
€15,000,000Garante per la protezione dei dati personali20 December 2024Italy
final
ePrivacy
Fine
The case involves a data breach related to a technical bug in the ChatGPT service, not cookies or consent mechanisms.
GDPR Articles Cited
AI-verified
Art. 5 GDPR
Art. 5 GDPRCore data protection principles: lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and accountability.Art. 6 GDPR
Art. 6 GDPRLegal bases for processing personal data (consent, contract, legal obligation, vital interests, public task, or legitimate interests).Art. 8 GDPR
Art. 8 GDPRRules for processing children's data. Parental consent required for children under 16 (or lower age set by member states, minimum 13).Art. 13 GDPR
Art. 13 GDPRInformation to provide when collecting data directly from the person (identity of controller, purpose, legal basis, retention period, rights).Art. 14 GDPR
Art. 14 GDPRInformation to provide when data was not obtained directly from the person (e.g., from third parties or public sources).Art. 33 GDPR
Art. 33 GDPRBreach notification to the authority: personal data breaches must be reported to the supervisory authority within 72 hours.Art. 55 GDPR
Art. 56 GDPR
View original scraped data
Art. 5 GDPR
Art. 6 GDPR
Art. 8 GDPR
Art. 13 GDPR
Art. 14 GDPR
Art. 33 GDPR
Art. 55 GDPR
Art. 56 GDPR
Original data from scraper before AI verification against source document.
Source verified 4 March 2026
articles corrected
scope corrected
Full Legal Summary
The case involves a data breach related to a technical bug in the ChatGPT service, not cookies or consent mechanisms.
Violations (1)
Cookies Placed Before Consent
critical
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (1)
Other enforcement actions involving OpenAI in IT
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
20 December 2024
Authority
Garante per la protezione dei dati personali
Fine Amount
€15,000,000
GDPRhub ID
gdprhub-8679About this data
Cite as: Cookie Fines. OpenAI - Italy (2024). Retrieved from cookiefines.eu
Report Inaccuracy
Last updated: