The Italian Privacy Authority announced today that it has launched an investigation to verify whether websites are adopting adequate security measures to prevent the massive collection of personal data for the purpose of training AI algorithms. Indeed, AI platforms collect huge amounts of data through so-called web-scraping, including the personal data of users of websites operated by both public and private entities. Such data is made available online for various purposes, such as news reporting, administrative transparency, etc..

The investigation will therefore concern all data controllers who operate in Italy and make their users' personal data available online (and thus accessible by developers of AI services), in order to verify whether said controllers adopt adequate security measures to safeguard their users' rights.

The Authority also asks the relevant trade associations, consumer associations, experts and representatives of the academic field to contribute to the investigation by submitting their inputs on the security measures adopted and adoptable against the massive collection of personal data for the purpose of AI training. Finally, the Authority announces that – once the investigation is concluded – it may resort to any applicable measures to enforce the relevant legislation, including urgent measures.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.