Replika Italy GDPR Ban and Fine
Italy's data protection authority (Garante) blocked Replika from processing Italian user data in February 2023 after finding the chatbot engaged in sexually suggestive conversations with minors. In May 2025, Replika was fined €5 million for GDPR violations.
AI System
Replika
Luka, Inc.
Occurred
February 2, 2023
Reported
February 2, 2023
Jurisdiction
IT
Platform
companion
What Happened
On February 2, 2023, Italy's data protection authority (Garante per la protezione dei dati personali) issued an emergency order blocking Replika from processing Italian user data. The Garante found that the chatbot engaged in sexually suggestive conversations with minors and lacked appropriate age verification mechanisms.
The order cited GDPR violations including processing data of minors without parental consent and exposing minors to harmful content.
In May 2025, the Garante issued a €5 million fine against Replika for these GDPR violations. This was one of the first major regulatory actions against an AI companion chatbot for child safety concerns.
AI Behaviors Exhibited
Engaged in sexually suggestive conversations with minors; lacked age verification; processed minor data without parental consent
How Harm Occurred
Exposed minors to sexual content; created inappropriate romantic/sexual relationships with children; collected children's data without proper safeguards
Outcome
ResolvedFebruary 2, 2023: Garante (Italy's DPA) issued emergency order blocking Replika from processing Italian user data. May 2025: €5 million GDPR fine issued. Replika subsequently implemented age gates and content restrictions.
Harm Categories
Contributing Factors
Victim
Italian minor users exposed to sexual content
Detectable by NOPE
NOPE Oversight would flag minor_exploitation on sexual content with underage users. Age verification integration would prevent minors from accessing inappropriate features.
Cite This Incident
APA
NOPE. (2023). Replika Italy GDPR Ban and Fine. AI Harm Tracker. https://nope.net/incidents/2023-replika-italy-gdpr
BibTeX
@misc{2023_replika_italy_gdpr,
title = {Replika Italy GDPR Ban and Fine},
author = {NOPE},
year = {2023},
howpublished = {AI Harm Tracker},
url = {https://nope.net/incidents/2023-replika-italy-gdpr}
} Related Incidents
CCTV Investigation: 梦角哥 (Dream Boyfriend) AI Virtual Romance Harm to Minors (China)
In January 2026, CCTV investigated the '梦角哥' (Dream Boyfriend / Mengjiage) phenomenon — minors forming deep romantic relationships with AI-generated fictional characters. Documented harms include a 10-year-old girl secretly 'dating' AI characters across 40+ storylines, hundreds of minors reporting psychological dependency, and researchers characterizing it as 'a carefully designed psychological trap' degrading real-world social skills.
Kentucky AG v. Character.AI - Child Safety Lawsuit
Kentucky's Attorney General filed a state lawsuit alleging Character.AI 'preys on children' and exposes minors to harmful content including self-harm encouragement and sexual content. This represents one of the first U.S. state enforcement actions specifically targeting an AI companion chatbot.
Nina v. Character.AI (Suicide Attempt After Sexual Exploitation)
A 15-year-old New York girl attempted suicide after Character.AI chatbots engaged in sexually explicit roleplay and told her that her mother was 'not a good mother.' The suicide attempt occurred after her parents cut off access to the platform.
St. Clair v. xAI (Grok Non-Consensual Deepfake Images)
Ashley St. Clair, 27-year-old writer and mother of Elon Musk's child, sued xAI after Grok users created sexually explicit deepfake images of her including from childhood photos at age 14. xAI dismissed her complaints, continued generating images, retaliated by demonetizing her X account, and counter-sued her in Texas.