Rome, 9 July (LaPresse) – The Italian Data Protection Authority has fined Character Technologies Inc., a US company that operates Character.AI – a generative artificial intelligence service enabling users, including minors, to create and interact via chat with virtual characters – €158,000. As explained in a statement, during the investigation launched ex officio, the Authority identified several breaches of data protection regulations, including shortcomings in the privacy notice. Furthermore, the preparation of the data protection impact assessment (DPIA) and the appointment of a representative in the EU were delayed. Issues were also identified in the safeguards for the protection of minors and in the age verification procedures. Given the risks arising from the use of generative artificial intelligence in an entertainment service accessible to minors, the Data Protection Authority – whilst acknowledging the measures adopted by the company during the investigation – has ordered further measures. In particular, Character Technologies must ensure the proper functioning of age verification systems, guarantee the effectiveness of mechanisms preventing blocked minors from making further registration attempts (the so-called ‘cooling-off period’) and set minors’ profiles to private by default. Within 120 days of receiving the order, the company must inform the Authority of the measures taken.
AI: Data Protection Authority fines Character.AI for shortcomings in child protection measures

Rome, 9 July (LaPresse) – The Italian Data Protection Authority has fined Character Technologies Inc., a US company that operates Character.AI – a generative artificial intelligence service enabling users, including minors, to create and interact via chat with virtual characters – €158,000. As explained in a statement, during the investigation launched ex officio, the Authority identified several breaches of data protection regulations, including shortcomings in the privacy notice. Furthermore, the preparation of the data protection impact assessment (DPIA) and the appointment of a representative in the EU were delayed. Issues were also identified in the safeguards for the protection of minors and in the age verification procedures. Given the risks arising from the use of generative artificial intelligence in an entertainment service accessible to minors, the Data Protection Authority – whilst acknowledging the measures adopted by the company during the investigation – has ordered further measures. In particular, Character Technologies must ensure the proper functioning of age verification systems, guarantee the effectiveness of mechanisms preventing blocked minors from making further registration attempts (the so-called ‘cooling-off period’) and set minors’ profiles to private by default. Within 120 days of receiving the order, the company must inform the Authority of the measures taken.
