Italian Data Protection Authority Bans Data Processing of AI-Powered Chatbot Replica

    The Italian Data Protection Authority (the "Authority") banned the data processing activities of Replica, an AI-powered chatbot app that offers a "virtual friend" experience to users. If Replica fails to comply with the Authority's order within 20 days, it may face a fine of up to €20 million or 4% of its global turnover.

    The Authority found that Replica does not adhere to the transparency principle outlined in the European Data Protection General Regulation (GDPR) regarding the processing of personal data. In particularly, the legal basis for Replika's data processing, which relies on the performance of a contract, is invalid as children are not qualified to enter into such contracts.

    The decision also notes that Replika poses tangible threat to children. Replica lacks any age verification system during the registration process, and the chatbot's responses may not be appropriate for the children using the app.

    Concerns have been raised about the risks such technology might pose to children. These range from worries over kids being exposed to inappropriate content to more general concerns such as that they might get addicted to the interactions, be encouraged into spending money on customizing their avatars or to gain access to other paid content. But the Authority appears to the first regulator to take formal action over child safety.

    Tagged with: Kavlak Law Firm, Ayşe Aybüke Çilingir, Özge Keskin, Data Protection, Data Privacy

    This website is available “as is.” Turkish Law Blog is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this website, and in no event shall they be liable for any loss or damages.