Italian authorities on July 29, 2025, initiated a comprehensive investigation into Meta, the parent company of WhatsApp, over its artificial intelligence tool “Llama” for potential violations of the European Union’s General Data Protection Regulation (GDPR).
The probe, spearheaded by the Italian Data Protection Authority (Garante), stems from 150 complaints filed by consumer advocacy groups, alleging that the AI, integrated into WhatsApp since June 2025, processes user messages, handling 15 million Italian accounts, without explicit consent. The investigation focuses on whether Meta’s data collection for AI training breaches Article 6 of the GDPR, which mandates lawful basis for processing.
Meta, in a statement from its European headquarters, defended Llama as a customer service enhancement, asserting compliance with GDPR through optional opt-ins and anonymized data use, supported by a 90% satisfaction rate in pilot regions. However, Garante’s preliminary review suggests inadequate transparency, with fines potentially reaching €20 million or 4% of Meta’s annual global turnover, approximately €10 billion, if violations are substantiated.
The probe aligns with broader EU scrutiny of tech giants, following a €1.2 billion fine on Meta in 2023 for data misuse. Critics from the European Digital Rights (EDRi) group argue the investigation could set a precedent for AI governance, while Meta’s legal team prepares a defense citing innovation benefits. The narrative of regulatory oversight is pivotal, with outcomes likely influencing AI deployment across the 27-member bloc.
