Italy: Data Protection Authority issued corrective measures to Replika to address alleged violations of GDPR provisions related to the legal basis for data processing and insufficient age verification

On 22 June 2023, the Italian Data Protection Authority (DPA) concluded its investigation into the Replika artificial intelligence (AI) service, which began on 2 February 2023. The DPA instructed Luca Inc. to enhance its privacy policy and age verification mechanisms, ensure that users in Italy can object to the processing of their personal data, and report back within 15 days on how it plans to comply. The DPA stated that once these conditions were met, the temporary suspension of Replika’s services in Italy would be lifted.