DeepSeek recently went viral and became the top-rated free app on Apple’s App Store.
China’s AI chatbot, DeepSeek, is already facing regulatory scrutiny after rapidly gaining global popularity. Shortly after it skyrocketed to the top of Apple’s App Store as the highest-rated free app in the US and several other regions, the Italian Data Protection Authority, Garante, launched an inquiry into its data practices. The move underscores growing concerns about data privacy, artificial intelligence regulation, and international data transfers.
Garante’s Inquiry: A Closer Look
Garante, Italy’s primary regulator overseeing General Data Protection Regulation (GDPR) compliance, has officially requested information from DeepSeek regarding its data collection and handling processes. The authority is particularly concerned about the “possible risk for the data of millions of people in Italy.” In response, Garante has reached out to both the Hangzhou and Beijing offices of DeepSeek Artificial Intelligence, pressing for details on:
- The types of personal data collected by the AI chatbot.
- The purposes behind data collection and processing.
- The physical location of servers where user data is stored.
DeepSeek’s privacy policy states that the chatbot does transfer user data beyond the country of origin, storing it on “secure servers located in the People’s Republic of China.” The company has pledged to handle data transfers in accordance with applicable data protection laws, yet European regulators are keen to scrutinize whether it fully aligns with GDPR standards, which impose strict requirements on data security and user consent.
AI Training Data & Potential Legal Troubles
In addition to concerns over data collection and storage, Garante has requested clarification on how DeepSeek trains its AI model. One major point of contention is whether the company engages in web scraping—automated data collection from websites—without adequately informing both registered and non-registered users. If web scraping is being used without explicit user consent, DeepSeek could face legal challenges under GDPR regulations, which require clear and transparent data processing policies.
Adding to the controversy, DeepSeek is now being investigated for potentially using unauthorized OpenAI data to train its AI models. According to a Bloomberg report, both Microsoft and OpenAI are examining whether DeepSeek benefited from a massive data exfiltration incident that occurred in late 2024. Allegedly, a group of users extracted significant amounts of OpenAI’s proprietary data via its API, and Microsoft’s security researchers suspect a connection between these individuals and DeepSeek.
DeepSeek on the Global Stage: National Security Implications
While European regulators focus on GDPR compliance, concerns about DeepSeek’s operations have also surfaced in the United States. Authorities there are reportedly assessing whether the AI chatbot poses national security risks, given its Chinese origins. The U.S. government has taken an increasingly cautious stance on foreign AI technology, particularly when it involves large-scale data processing and potential ties to state-sponsored entities. This inquiry could potentially lead to further scrutiny, trade restrictions, or even an outright ban on the service in certain jurisdictions.
What’s Next for DeepSeek?
DeepSeek now has 20 days to respond to Garante’s request, a deadline that could shape the chatbot’s future in the European market. If the Italian watchdog finds violations of GDPR rules, the consequences could be severe, ranging from hefty fines to outright service restrictions. Moreover, if allegations of data misuse involving OpenAI prove true, the company could face intellectual property lawsuits and reputational damage on a global scale.
The rapid rise of AI-powered applications like DeepSeek highlights the ongoing clash between technological innovation and regulatory oversight. As AI continues to advance, governments worldwide are grappling with how to balance innovation with user privacy, cybersecurity, and ethical data practices. DeepSeek’s response to these allegations will be a crucial test case for the future of AI governance in an era of increasingly sophisticated chatbots and machine learning models.
For now, all eyes are on DeepSeek as it navigates mounting legal and regulatory hurdles in Europe and beyond.
