Italy: Data Protection Authority fined Replika chatbot provider Luka EUR 5 million for GDPR violations related to legal basis for data processing and age verification

Data Protection Authority fined Replika chatbot provider Luka EUR 5 million for GDPR violations related to legal basis for data processing and age verification

On 10 April 2025, the Italian Data Protection Authority (DPA) announced that it had fined Luka, the provider of the artificial intelligence chatbot Replika, EUR 5 million for violating the General Data Protection Regulation (GDPR). The DPA identifie…

Scope

Policy Area

Data governance

Policy Instrument

Data protection regulation

Regulated Economic Activity

ML and AI development

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2023-02-02

under investigation

On 2 February 2023, the Italian Data Protection Agency (DPA) issued a provisional order banning Lu…

2023-06-22

in force

On 22 June 2023, the Italian Data Protection Authority (DPA) concluded its investigation into the R…

2025-04-10

in force

On 10 April 2025, the Italian Data Protection Authority (DPA) announced that it had fined Luka, the…

Description

Data Protection Authority fined Replika chatbot provider Luka EUR 5 million for GDPR violations related to legal basis for data processing and age verification

Scope

Complete timeline of this policy change