Italy: Data Protection Authority investigation into Replika over alleged violations of GDPR provisions pertaining to legal basis for data processing and insufficient age verification

Progress

Current status
in force
10 Apr 2025 in force
22 Jun 2023 in force
02 Feb 2023 under investigation

Scope

Implementers
Italy
Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
ML and AI development
Government Branch
executive
Government Body
data protection authority
Implementation Level
national

Timeline of events

10 Apr 2025
in force

Data Protection Authority fined Replika chatbot provider Luka EUR 5 million for GDPR violations related to legal basis for data processing and age verification

On 10 April 2025, the Italian Data Protection Authority (DPA) announced that it had fined Luka, the provider of the artificial intelligence chatbot Replika, EUR 5 million for violating the General Data Protection Regulation (GDPR). The DPA identifie…

Event type: investigation
Action type: ruling
Government branch: executive
Government body: data protection authority

22 Jun 2023
in force

Data Protection Authority issued corrective measures to Replika to address alleged violations of GDPR provisions related to the legal basis for data processing and insufficient age verification

On 22 June 2023, the Italian Data Protection Authority (DPA) concluded its investigation into the Replika artificial intelligence (AI) service, which began on 2 February 2023. The DPA instructed Luka Inc. to enhance its privacy policy and age verifi…

Event type: investigation
Action type: ruling
Government branch: executive
Government body: data protection authority

02 Feb 2023
under investigation

Issued provisional order banning Luka/Replika from processing Italian users' data

On 2 February 2023, the Italian Data Protection Agency (DPA) issued a provisional order banning Luka, the developer and operator of the Artificial Intelligence-powered chatbot Replika, from processing the personal data of Italian users. The United …

Event type: investigation
Action type: interim ruling
Government branch: executive
Government body: data protection authority