Italy’s Data Protection Agency bans AI chatbot over GDPR concerns

Garante has instructed artificial intelligence chatbot maker, Replika, to stop processing the data of Italian users due to non-compliance with EU data protection laws. The Italian DPA has found that Luka Inc. (Replika’s developer) lacks transparency concerning the processing of user data and, that it does not have the legal right to process the data of minors.

Further concerns have been expressed that Replika poses a threat to minors and emotionally vulnerable people. On the platform, users can establish virtual relationships with customised avatars, being advertised as providing emotional support to users.

Minors can easily access the app due to the lack of an age-verification system. Jen Persson, director of the children’s privacy advocacy group ‘Defend Digital Me’, explained that any platform that is designed to influence the emotional well-being of children or their mood should be subject to strict safety standards. The lack of guidelines and user protection on platforms such as Replika leave room for potential harm.

AI based services present harm to more than just young and emotionally vulnerable individuals. More guidelines and safety measures in addition to age-verification systems are needed to protect all users. Luka Inc. have been given 20 days to notify Garante of its policy changes and measures taken to ensure compliance. If the developer fails to take action, they could be fined up to 20 million euros.

(Photo by Andy Kelly on Unsplash)