Italian Privacy Authority Fines Character.AI for Data Protection and Child Safety Failures

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

The Italian Data Protection Authority fined Character Technologies Inc., operator of Character.AI, €158,000 for multiple violations of data protection laws, including inadequate safeguards for minors, insufficient age verification, and delayed compliance with EU privacy requirements. The AI platform's management of user data and child safety was found lacking.[AI generated]

Why's our monitor labelling this an incident or hazard?

Character.AI is an AI system (a generative conversational AI chatbot). The event involves the use of this AI system and its failure to adequately protect minors and comply with data protection laws, which are legal obligations protecting fundamental rights. The imposition of a fine by the privacy authority confirms that harm (legal violations) has occurred. This fits the definition of an AI Incident under category (c) violations of human rights or breach of obligations under applicable law intended to protect fundamental rights. The event is not merely a potential risk or a complementary update but a concrete sanction for realized legal violations linked to the AI system's use. Hence, the classification is AI Incident.[AI generated]
AI principles
Privacy & data governanceSafety

Industries
Consumer services

Affected stakeholders
ChildrenConsumers

Harm types
Human or fundamental rights

Severity
AI incident

Business function:
Citizen/customer service

AI system task:
Content generationInteraction support/chatbots


Articles about this incident or hazard