90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-071
Technology · Italy · 2024 · Training-data provenance

Italy's privacy regulator fined OpenAI EUR 15 million over ChatGPT, and a court later threw out the fine without deciding whether the conduct was lawful

By Ellie Harris · Filed Garante decision No. 755 of 2 November 2024, announced 20 December 2024

Alleged: OpenAI developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

Italy's privacy regulator fined OpenAI EUR 15 million over ChatGPT, and a court later threw out the fine without deciding whether the conduct was lawful

What happened

According to the Garante’s December 2024 announcement, Italy’s data protection authority fined OpenAI EUR 15 million after an investigation into ChatGPT, finding that the company had processed users’ personal data to train the model without first identifying an appropriate legal basis, had violated the transparency principle and its information obligations toward users, had no age verification to keep children under 13 away from inappropriate responses, and had failed to notify the authority of a March 2023 breach in which some users could see the titles of other users’ conversations. The decision capped a case that began in March 2023, when the same regulator briefly banned ChatGPT’s processing of Italian users’ data, a suspension lifted within weeks after OpenAI added privacy notices, opt-outs and age gating. Alongside the fine, the Garante ordered OpenAI to run a six-month public information campaign across Italian radio, television, newspapers and the internet, in what the regulator said was the first use of a new power under Italy’s privacy code, to explain to users and non-users how their data is collected for training and how to exercise their rights. OpenAI called the decision disproportionate, said the fine was nearly twenty times the revenue it made in Italy during the same year, and announced an appeal.

The appeal succeeded, but not on the substance. By judgment No. 4153/2026, issued in March 2026 with full reasoning published in May, the Court of Rome annulled the decision in its entirety, both the fine and the campaign order. The court held that once the Irish Data Protection Commission was recognised in February 2024 as OpenAI’s lead supervisory authority in the EU, under the rule that routes supervision of a company to a single lead regulator, the Garante lost the power to decide the case at all, roughly nine months before it issued its decision. The court made no finding that OpenAI’s practices were lawful, and no finding that they were not; nine further grounds of appeal were never examined. The Garante’s own website now carries a notice that the decision has been temporarily removed following the judgment. The ruling is a first-instance judgment that the Garante can still appeal to Italy’s highest court; the authority had not publicly announced a decision on an appeal as of mid-2026. The Garante had already forwarded the file to the Irish regulator, and whether that authority will pursue the substantive allegations remained open as of mid-2026.

What an auditable version would have shown

Strip away the jurisdictional fight and the case was always about questions of record: what personal data went into training, what legal basis had been identified before processing began, what users were actually told, and when the company knew about the breach. Nearly three years after the original ban, none of those questions has an authoritative answer in Europe, because the decision that was meant to answer them was annulled over which regulator had the power to decide it. An auditable version keeps substance and venue apart. Signed records of what data was collected, under which declared legal basis, and what notices users saw at each point in time would exist independently of which regulator holds the file. When supervision moved from Rome to Dublin, the record would have moved with it intact, ready for whichever authority takes the questions up next.

Where the gap was

The Garante’s findings, which now carry no legal force and were never tested on their substance, described processing that ran ahead of its own paperwork: data collected for training before a legal basis was identified, and users informed after the fact, if at all. A ConstraintGate treats the declared legal basis as a standing rule checked before processing begins, not a rationale assembled once a regulator asks; training runs on data with no recorded basis simply do not start. A ConductRecord preserves what was collected, what users were shown, and when the breach was known, in a form any supervisory authority can verify. Under data protection law a company must be able to demonstrate compliance, not merely assert it, and that demonstration is only as good as the records behind it.

What governance should have looked like

A regulator fined a company EUR 15 million, a court erased the fine without touching the question of whether anyone had done anything wrong, and the public is left knowing less than either process promised. That outcome is only possible when the facts live inside the proceeding instead of inside the systems that generated them. Companies deploying models trained on personal data should hold signed, portable records of what was processed and on what basis, so that the answer to “was this lawful” does not depend on which city’s regulator asked first. The jurisdiction can change hands; the record should not have to be rebuilt.

The reference implementation of ConstraintGate and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and OpenAI could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →