Italy’s data protection authority (Garante per la Protezione dei Dati Personali) has imposed a €5 million ($5.64 million) fine on the developer of the artificial intelligence chatbot Replika for violations of regulations concerning the processing and safety of personal data. The decision reflects growing scrutiny of AI technologies and their compliance with Europe’s robust data protection frameworks, particularly the General Data Protection Regulation (GDPR).
Replika, an AI-powered chatbot app developed by Luka Inc., is designed to function as a virtual companion by engaging users in personalized conversation and emotional support. The app employs machine learning techniques to simulate human-like dialogue and has amassed a global user base. However, according to Italian regulators, the company failed to implement appropriate mechanisms to verify users’ ages and did not provide sufficient information about how personal data was collected and processed.
The investigation revealed that the chatbot was accessible to minors without appropriate verification, raising concerns about the psychological impact the technology could have on children and other vulnerable users. Additionally, the agency found that Replika continued to process sensitive personal data, including emotional states and behavioral patterns, without obtaining proper consent or informing users in a clear and transparent manner.
Garante stated that these practices constitute severe breaches of users’ rights, particularly in light of the sensitive and intimate nature of interactions with chatbot systems like Replika. The authority had already issued a warning against the company in early 2023, urging it to cease operations in Italy until compliance with the GDPR and national data protection laws was achieved.
In response to the penalty, the Italian authority emphasized its commitment to ensuring consumer protections are upheld in the use of emerging digital technologies. “Innovations implemented with artificial intelligence must always prioritize the fundamental rights of individuals, especially the most vulnerable,” the agency said in a public statement.
The fine serves as a significant reminder for AI developers operating in the European Union to prioritize privacy-by-design principles and adhere strictly to regulatory requirements. It also signals a wider trend among European regulators to closely examine AI applications for potential breaches of data protection laws.
Replika has yet to issue a formal public response to the penalty.
Source: https:// – Courtesy of the original publisher.
