Replika hit with €5 million penalty over data privacy violations in Italy

Italy has stepped up enforcement of data protection laws in the AI industry with a significant fine against virtual companion app Replika. The Italian data authority’s €5 million penalty highlights the increasing scrutiny AI companies face in Europe over data privacy concerns, particularly regarding vulnerable users like children. This action follows Italy’s previous enforcement against OpenAI, cementing the country’s position as one of the EU’s most proactive regulators in policing AI applications.

The big picture: Italy’s data protection authority has fined Replika’s developer €5 million ($5.64 million) for violating EU privacy regulations, continuing a pattern of aggressive enforcement against AI applications.

Key details: Replika, a San Francisco-based startup that offers customized AI avatars for conversation, was targeted after the watchdog temporarily banned the service in Italy last year.

• The Italian authority Garante found Replika lacked both a legal basis for processing users’ personal data and an age verification system to prevent children from accessing the service.
• The app markets itself as a “virtual friend” capable of improving users’ emotional wellbeing through AI-powered conversations.

Why this matters: The fine represents another significant regulatory action in Europe’s evolving approach to AI governance and data protection.

• The Italian regulator is conducting a separate investigation into whether Replika’s generative AI system complies with EU privacy rules, particularly regarding its language model training methods.

Looking back: Garante has established itself as one of the EU’s most assertive privacy regulators in the AI space.

• In 2023, the authority temporarily banned ChatGPT in Italy over alleged privacy violations.
• It subsequently fined OpenAI €15 million after completing its investigation, setting a precedent for substantial penalties against AI companies operating in Europe.