Introduction
In March 2026, a major legal case reached a shocking conclusion that should worry every internet user. A Rome court scrapped the €15 million fine levied against OpenAI by Italy’s data protection authority, Garante (Reuters, 2026).
This ruling was far more than a simple win for ChatGPT maker OpenAI. It marked an important conflict between rapid AI development and online users’ privacy and digital rights.
This case originally began in December 2024, when Garante penalised OpenAI for unlawfully using personal data to train its ChatGPT models (Pollina & Armellini, 2024). However, by overturning this penalty, the court has allowed OpenAI to walk away from the massive fine, and the reasons remain unclear to the public.
For anyone who has ever posted a photo or shared a story online, this is not just a simple legal battle. It is a actually direct threat to our privacy and digital rights.
The OpenAI victory indicates a dangerous shift in how we are governed in the digital world:
- 1. Our personal data is being taken away from its original context and turned into “free raw material” for companies to make profits
- 2. The current digital platforms have increasingly become necessary infrastructures
- 3. Our digital rights are being damaged and even stripped by the powerful private rules of platforms
By exploring this case through three theories from scholars, this blog will show you why protecting your privacy and digital rights in the current age requires more than just clicking some “I agree” button. It demands a rethink of how we can challenge private governance and reclaim control over our digital lives, and protect ourselves in the digital world.
How OpenAI Broke Our Privacy (Nissenbaum’s Theory)
What is “Contextual Integrity” for Digital Privacy?
One of OpenAI’s privacy violations is breaking a principle called contextual integrity from Helen Nissenbaum (2018). This theory redefines privacy beyond the simple idea of keeping things a secret, it is about making sure your data is used for the same reason, and keeping the data in the same context you shared it (Nissenbaum, 2018, p.839).
This means that your data has a “home”, and it should not be moved without your consent. For instance, when a student shares a research idea on a university forum for academic discussion, this kind of data obviously has a “home” and a specific purpose. Grabbing them to train AI models can be a total violation of the user’s privacy.
Nissenbaum (2018) argues that proper data use relies on three things: what kind of data it is, who is using it, and how it is being shared (p. 839). When these three elements do not match, like when certain platforms scrape your social media posts to train their AI models, your privacy is broken.
This is not just bad manners from companies, it is a direct violation of your basic digital rights. Your personal words, your stories, and your data were never meant to be used for their gain, and you never gave them permission.
OpenAI’s Data Scraping Is a Clear Privacy Breach
As Reuters (2024) reported, OpenAI’s unlawful and unauthorised data scraping for ChatGPT training is a clear violation of the contextual integrity principle (Nissenbaum, 2018).
OpenAI ignored the original context of every piece of data it took. It used the data for a purpose that no user ever intended, and did not gain any explicit consent from them. This kind of inappropriate usage is a breach of the user’s privacy (Nissenbaum, 2018, p.839).
Why Could OpenAI Avoid the Fine (Flew’s Theory)
What Does It Mean for Platforms to Become Infrastructures?
So why did the Roman court let OpenAI off the hook?
The answer is likely in the critical change identified by Terry Flew. The big digital platforms are no longer just tech companies, they are becoming digital infrastructures (Flew, 2021, p.72).
What does that mean? It means that some platforms like OpenAI are indispensable to our modern life, acting as our basic facilities like electricity or water.
This condition can create a massive power imbalance. As OpenAI’s tools become increasingly critical, regulators could face many challenges in regulating them. This advantage can give OpenAI the power that traditional businesses do not possess.
The Italian Case: OpenAI’s Infrastructural Power
The shift mentioned above is what played out in Italy, and even before the fine case.
Back in 2023, Italy’s temporary ChatGPT ban triggered immediate government controversy (Vivarelli, 2023). Italy’s Deputy Prime Minister Matteo Salvini publicly criticised the ban, saying “we should not be hypocritical,” and opposing all forms of censorship. According to this Variety report, Salvini argued privacy problems exist for practically all online services and called for “rapid clarification and the resumption of the service.”
This is what Flew (2021) describes as the platforms turning into infrastructures, they are not just simple platforms anymore, they have become the foundations of our digital media ecosystems (p. 72). When platforms provide essential services, they could gain strong power by supporting every part of our lives (p. 72).
The Rome court’s 2026 ruling reflects a certain regulatory compromise (Reuters, 2026). OpenAI’s infrastructural status makes it difficult to be regulated by traditional rules.
As Flew (2021) says, nowadays, digital platforms can blur the line between platforms and infrastructures (p. 72). This blur could allow OpenAI to fight against national regulations, proving that being indispensable can be a strong shield.
Who Pays the Price? Ordinary Users Lose Their Digital Rights (Suzor’s Theory)
Why Are Platforms’ Rules Stronger Than Public Laws?
When platform infrastructural power challenges national regulation, and when privacy is compromised for AI development, who loses the most? It is obviously the ordinary users. Our digital rights are the real casualty of AI development.
As scholar Neil Suzor (2019) states, this all comes from a broken system, private platforms’ terms of service have now become constitutional documents, leaving us users unable to claim our rights in digital spaces (p. 13).
If you have ever signed up for an AI tool or social media account before, you have likely scrolled to the bottom of a long agreement and clicked the “I agree” button without even reading a word. Suzor (2019) describes these terms of service agreements as documents to protect the company’s legal interests, rather than designed to be governing documents (p. 11).
This shows that these rules are written almost entirely by companies to put all power into themselves, creating what Suzor explains as three main failures:
- 1. Opaque and undemocratic: The language is so dense and complicated that we cannot possibly give our conscious consent, and we cannot negotiate those terms (Suzor, 2019, p.13).
- 2. Absolute power: Platforms can terminate our access at any time for any reason or no reason. This means that no matter what the rules the platforms may set at first, their decision is final (Suzor, 2019, p.11).
- 3. The absence of constitutional rights: The legal protections we enjoy in the physical world, like freedom of speech or privacy, often do not apply to those private digital companies (Suzor, 2019, p.11).
In the current digital world, the platforms are the “sovereigns”, and we ordinary users are like their citizens (Suzor, 2019, p.11). They “force” us to follow their rules that we have no way to change or fight.
The OpenAI Case: Users’ Rights Are Nowhere to Be Seen
The Rome court’s 2026 ruling to scrap OpenAI’s €15 million fine (Reuters, 2026) is a brutal reminder of how users’ rights can disappear in a world governed by private companies.
Throughout this legal battle, the people most affected, us, had almost no voice at all. It seems like no one asked relevant users’ feelings about the data scraping and the final decision of the court.
This illustrates one of Suzor’s (2019) core arguments, which is that under private platform terms, we have nearly no rights, and we are legally bound by them (p.11). Our data is valued because it can make profits for the private platforms like OpenAI. OpenAI trained its ChatGPT model with users’ data, but the users were never told, never asked, ever given a chance to refuse (Pollina & Armellini, 2024).
For us platform users, this case proves that until we fix these unfair platforms’ terms of service, our privacy and digital rights will always be at risk with the development of AI.
How We Can Fight Back: Reclaiming Our Digital Rights
Solving the problems between AI development and our privacy and digital rights requires collective efforts from users, policymakers, and platforms. The OpenAI case indicates that without shared accountability, our data will remain “free raw materials” for exploitation. Based on the theories we have explained, here is how we can regain our control.
For Users: Reclaiming Agency
Awareness is critical for our own protection. Suzor (2019) warns that opaque platform terms take our agency away (p. 13). However, we can push back together by actively supporting those platforms that offer us multiple options for AI training participation and privacy protection when we create our account, and we can easily change them later in the settings.
When more users prefer those platforms that respect their users’ privacy and digital rights, more platforms will see the profits, and thus make similar changes on themselves. We can use our collective influence in the market to “force” those private platforms to give us better treatment.
For Policymakers: Updating the Laws
Laws must match the reality of the AI age. As Flew (2021) says, the platforms now can be infrastructures (p. 72). Under this situation, the governments should make the laws clearer and more follow the trend.
For example, governments can create laws that require contextual integrity (Nissenbaum, 2018). Based on Italy’s 2026 ruling case (Reuters, 2026), laws should clearly state that private platforms cannot scrape data from one context for an entirely different purpose without specific and explicit consent from the users. Most importantly, these rules must include reasonable and severe penalties.
Only when there are strict laws can there be some real changes in the private platforms and companies.
For Platforms: Accountability Over Profits
Finally, private platforms should stop treating users as passive data sources. They are supposed to try their best to design more transparent and user-centric policies to protect users’ digital rights and privacy, so users can better understand. It is about genuinely respecting the people who use the service.
Also, since these platforms are now playing a critical role in our social and economic lives (Flew, 2021, p. 72). They have an unavoidable obligation to include users’ interests in their governance. They should involve the user representatives’ opinions when they make relevant policies and agreements, and be responsible for creating a healthy and fair digital world for the whole society.
Conclusion: Reclaiming Control of Your Digital Future
The Rome court’s decision to scrap OpenAI’s fine is an alarm. Our privacy and digital rights may be fragile, but we still have the power to protect them, both now and in the future.
These three scholars’ theories can help us better understand the current situation. Nissenbaum (2018) can remind us that privacy now can be about respecting the context of why and how we share data. Flew (2021) can show us that a platform’s power as infrastructure must come with responsibility, not exploitation. Suzor (2019) can tell us that although many unfair rules currently govern our digital spaces, collective efforts can have a chance to force the companies to change. By applying these ideas, collectively, we can take actions to implementing the possible solutions mentioned above.
The takeaway is clear. You deserve a say in how and where your data is used. We do not have to choose between AI development and our privacy and digital rights.
We should always remember that every choice we make, from the apps or platforms we choose to the positions we take, is extremely important. The OpenAI case is a reminder that our privacy and digital rights are worth fighting for.
What do you think? Please leave a comment below to discuss with others.
References
Flew, T. (2021). Regulating platforms. Polity Press.
Nissenbaum, H. (2018). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics, 24(3), 831–852. https://doi.org/10.1007/s11948-015-9674-9
Pollina, E., & Armellini, A. (2024, December 20). Italy fines OpenAI 15 million euros over privacy rules breach. Reuters. https://www.reuters.com/technology/italy-fines-openai-15-million-euros-over-privacy-rules-breach-2024-12-20/
Reuters. (2026, March 19). Italian court scraps 15-million-euro privacy watchdog fine on ChatGPT-maker OpenAI. https://www.reuters.com/technology/italian-court-scraps-15-million-euro-privacy-watchdog-fine-chatgpt-maker-openai-2026-03-19/
Suzor, N. P. (2019). Lawless: The secret rules that govern our digital lives. Cambridge University Press.
Vivarelli, N. (2023, March 31). Italy’s ban on ChatGPT: What happened and what’s next? Variety. https://variety.com/2023/digital/global/italy-ban-chatgpt-controversy-silicon-valley-1235571506/
Be the first to comment