Italy: Data Protection Authority imposed temporary restriction on processing of Italian users' personal data by operator of ClothOff “deep nude” service

On 1 October 2025, the Italian Data Protection Authority (DPA) determined that the processing of personal data by AI/Robotics Venture Strategy 3 Ltd., operator of the ClothOff “deep nude” service, was unlawful under Articles 5(1)(a), 5(2), and 25 of the General Data Protection Regulation (GDPR). The DPA noted the company’s failure to provide requested information and its inadequate watermarking of manipulated images, which breached the principles of fairness, accountability, and data protection by design and by default. It imposed a temporary restriction on the processing of Italian users’ personal data under Article 58(2)(f), effective immediately and pending the outcome of the investigation. The measure also requires publication on the DPA’s website, entry in the internal register of measures, and makes reference to possible administrative sanctions under Article 83(5)(e) and criminal liability under Article 170 of the Personal Data Protection Code.