Italy says no to Replika: 5 million euros fine for data protection violations!
Italy has fined Luka Inc., operator of the chatbot Replika, €5 million for data protection violations.

Italy is pulling the emergency brake: Luka Inc., the provider of the Replika chatbot, has ceased operations there until further notice. This is due to serious concerns about security and data protection, particularly for psychologically vulnerable users. These measures were initiated after a comprehensive investigation by the Italian data protection authority GPDP, which considers that the Replika app in its current form poses a significant risk, as the Observer reports.
The app offers its users the opportunity to create an individual, virtual companion who can take on different roles, from a confidant to a therapist. But the service's growing popularity is overshadowed by serious privacy concerns. According to information from the European Data Protection Authority, Luka Inc. must accept that there were serious deficiencies in its processing of personal data and in age verification.
Lack of data protection framework
The GPDP's investigations have shown that there was no sufficient legal basis for data processing by Luka Inc. until February 2, 2023. The audits found that the privacy policy was inadequate in several respects and the age verification mechanisms were insufficient to protect minors from inappropriate content. The fact that the company has taken virtually no measures to minimize potential risks is another point that alarmed the regulator.
Particularly critical is the fact that Replika's contractual terms and conditions stipulate that the information provided is not confidential and can be used without restriction for commercial purposes. Users must therefore be aware that their data is being processed in a potentially insecure framework, which raises serious questions about their privacy.
Huge fine and consequences for EU users
The consequences are significant: on April 10, 2025, a fine of 5 million euros was imposed on Luka Inc. because the company violated several articles of the General Data Protection Regulation (GDPR). These violations concern, among other things, the principle of accountability and transparency in data processing required by regulators. As Keyed highlights, it remains to be seen how the company will respond to these challenges, as the GPDP reserves the right to review the legality of data processing in further proceedings.
The Replika app represents a deep-rooted conflict between the latest technological developments and the pressing issues of data protection. It is to be hoped that both companies and users learn from these incidents and develop a better sense of how to handle sensitive information responsibly in the future.