The Italian Data Protection Authority has imposed a provisional limitation on OpenAI’s processing of Italian users’ personal data.
"Open AI" is a US-based company that operates the application "Replika".
"Replika" is an AI-powered chatbot equipped with a text and voice interface generating a "virtual friend" users can configure as a friend, partner or mentor.
One of the main concerns outlined in this case is the inadequacy of age verification and control procedures in place and the lack of banning and blocking mechanisms applying to children and vulnerable adults.
OpenAI is not "established" in the EU but has a designated representative in accordance with the requirements of EU data protection laws.
OpenAI now has 20 days to notify the Italian regulator of the measures it has implemented to comply with the Order or else risk a fine of up to EUR20m or 4% of its worldwide turnover.
It will be interesting to see whether the ICO, the UK data protection regulator, takes a similar approach, particularly because of its public support for the use of AI. The ICO has recently issued updated Guidance on AI and Data Protection. See the link here for an overview of the updates made to the guidance.