DeepSeek AI Under EU Scrutiny: Data Privacy & AI Concerns Spark Investigations

My Privacy Blog

My Privacy Blog

6 min read
DeepSeek AI Under EU Scrutiny: Data Privacy & AI Concerns Spark Investigations

Overview

DeepSeek, an AI-powered platform, has come under investigation across multiple European Union countries due to concerns over data privacy, potential GDPR violations, and AI-based data processing risks. Several regulatory bodies have launched formal probes or requested information to assess whether DeepSeek's operations comply with European data protection laws.

Global AI Regulation Wave: How Italy’s DeepSeek Ban Triggered a Worldwide Scrutiny of Chinese AI Models - Germany/ Netherlands/Taiwan
DeepSeek, the Chinese AI startup behind the viral DeepSeek-R1 reasoning model, faces escalating global scrutiny as regulators worldwide raise concerns over data privacy, cybersecurity, and compliance with local laws. Following Italy’s decisive ban, multiple countries and organizations have launched investigations or imposed restrictions, signaling a tightening regulatory environment for
Compliance Hub WikiCompliance Hub

Key Concerns

The primary issues raised include:

  • Data Transfer to China: Multiple EU watchdogs are questioning whether DeepSeek is lawfully transferring EU citizens’ data to China and whether adequate safeguards are in place.
  • GDPR Compliance Issues: Authorities suspect that DeepSeek may be processing personal data without sufficient legal grounds, raising compliance risks under the General Data Protection Regulation (GDPR).
  • AI-Based Data Processing Risks: Some regulators, like France’s CNIL, have expressed concerns about how DeepSeek’s AI tools collect and process data, particularly regarding transparency and user consent.
  • Lack of Safeguards: Countries such as Luxembourg are investigating whether DeepSeek’s data collection and storage mechanisms adhere to EU privacy and security standards.
DeepSeek Reports Major Cyberattack Amid Rapid Growth
On January 27, 2025, Chinese artificial intelligence startup DeepSeek announced that it had experienced “large-scale malicious attacks” on its services, leading the company to temporarily limit new user registrations. Existing users remained unaffected and could log in without issues. Reuters This cyberattack coincided with a surge in DeepSeek’s popularity, as
Breached CompanyBreached Company

Investigations & Actions Taken by Countries

  • Italy: The country’s data protection authority, Il Garante per la protezione dei dati personali, blocked DeepSeek and launched an investigation into potential GDPR violations related to data transfers to China (28/30 Jan).
  • Belgium: The Data Protection Authority opened a formal investigation into DeepSeek’s compliance with GDPR (30/31 Jan).
  • Ireland: The Data Protection Commission requested information regarding DeepSeek’s data processing and storage of EU citizens’ data (29 Jan).
  • France: The CNIL is analyzing DeepSeek’s AI tools and plans to request further information regarding data protection risks (Early Feb).
  • Croatia: The Croatian Personal Data Protection Agency has requested information, but no specific complaint has been lodged yet (Early Feb).
  • Luxembourg: The Commission nationale pour la protection des données is exploring investigative possibilities, citing concerns about DeepSeek’s collection and processing of data without sufficient safeguards (03 Feb).
  • Netherlands: The Dutch privacy regulator, Autoriteit Persoonsgegevens, has launched a formal investigation due to serious privacy concerns (03 Feb).
  • Germany: Regional data protection authorities are discussing coordinated action but have not yet filed a formal complaint (29 Jan).
  • Portugal: The Portuguese consumer organization DECO PROTeste filed a complaint, prompting the national privacy authority to examine the issue (31 Jan).
  • Greece: The Greek consumer organization Homo Digitalis has asked the Hellenic Personal Data Protection Authority to investigate DeepSeek (02 Feb).
Italy’s Privacy Watchdog Blocks DeepSeek AI: A GDPR Battle Begins
The Italian Data Protection Authority (Garante) has issued an emergency order to block DeepSeek AI from processing the personal data of Italian citizens, effectively halting the company’s operations in Italy. This decision underscores Europe’s ongoing struggle to enforce GDPR compliance on foreign AI companies that claim immunity from
Compliance Hub WikiCompliance Hub

Next Steps & Implications

  • Possible Sanctions & Fines: If DeepSeek is found to have violated GDPR, it could face fines up to 4% of its global revenue.
  • Potential EU-Wide Ban: Italy has already blocked DeepSeek, and other countries might follow if non-compliance is proven.
  • AI & Privacy Regulation Expansion: This case could push for stronger regulations on AI-based data processing within the EU.
Pentagon Staff Used DeepSeek’s Chatbot Before Block
US Defense Department employees accessed a Chinese AI startup’s chatbot for two days before cybersecurity officials blocked the service, raising questions about foreign technology vulnerabilities in sensitive government networks1. The incident occurred despite growing concerns about Chinese tech companies’ data practices and potential intelligence risks. Incident Timeline and Response Employees
My Privacy BlogMy Privacy Blog

Further Research & Updates

To provide a more comprehensive analysis, I will now search for additional updates, statements from DeepSeek, and other regulatory actions taken outside the EU. Stay tuned.

Recent developments have highlighted significant concerns regarding DeepSeek, a Chinese AI application, particularly in terms of data privacy and national security.

Global AI Law Snapshot: A Comparative Overview of AI Regulations in the EU, China, and the USA
As artificial intelligence (AI) continues to revolutionize industries worldwide, governments are racing to establish legal frameworks to regulate its development, deployment, and risks. The European Union (EU), China, and the United States (USA) have each taken unique approaches toward AI regulation, reflecting their economic priorities, governance philosophies, and risk mitigation
Compliance Hub WikiCompliance Hub

Data Privacy and Security Concerns

DeepSeek has been criticized for its data handling practices, especially the storage of user data on servers located in China. This has raised alarms about potential unauthorized access and misuse of personal information. The Italian Data Protection Authority, known as Garante, has blocked access to DeepSeek, citing insufficient information about its data collection and storage practices. reuters.com

Qwen2.5-Max: A New Contender in AI Performance Benchmarks
Introduction Alibaba’s latest AI model, Qwen2.5-Max, is making waves in the artificial intelligence landscape with its impressive benchmark results. Trained on over 20 trillion tokens, the model has demonstrated superior performance across various AI benchmarks, challenging established models such as DeepSeek-V3, Llama 3, GPT-4o, and Claude 3.5 Sonnet.
My Privacy BlogMy Privacy Blog

National Security Implications

Beyond Europe, countries like Australia and the United States have expressed national security concerns. Australia has banned DeepSeek across all government systems, citing risks of data breaches and potential misuse by foreign entities. news.com.au

Similarly, the U.S. Navy has advised against using DeepSeek due to fears of espionage and data security vulnerabilities. time.com

EU Bans Risky AI Systems
The European Union’s Artificial Intelligence Act (EU AI Act), enacted on February 2, 2025, represents a watershed moment in global AI governance. As the world’s first comprehensive regulatory framework for artificial intelligence, it establishes stringent prohibitions on high-risk applications while aiming to foster innovation and protect fundamental rights. This
Compliance Hub WikiCompliance Hub

Censorship and Content Control

Investigations have revealed that DeepSeek employs censorship mechanisms, particularly on topics sensitive to the Chinese government. The AI model has been observed to avoid discussions on events like the 1989 Tiananmen Square protests and issues related to human rights in China. en.wikipedia.org

Global Regulatory Actions

In addition to Italy, other countries are taking steps to address potential risks associated with DeepSeek. Taiwan has banned the application in government agencies, citing data leakage risks. thehackernews.com

The Belgian Data Protection Authority has also received complaints and is investigating the application's compliance with data protection regulations. reuters.com

These actions underscore the growing global apprehension about the implications of AI applications like DeepSeek on data privacy, national security, and information control.

Read more