Italy’s antitrust watchdog, AGCM, launched an investigation into DeepSeek, citing its failure to warn users about AI hallucination risks and GDPR violations, including data storage in China. DeepSeek collects extensive user data, such as chat histories and IP addresses, stored on Chinese servers without GDPR-required safeguards like Standard Contractual Clauses, per a 2025 Euronews report. This breaches EU data transfer rules, as China lacks adequate data protection standards.
The Italian Data Protection Authority, Garante, banned DeepSeek’s R1 app in Italy after the company claimed EU laws don’t apply, despite processing Italian user data. Authorities in Belgium, Ireland, France, and the Netherlands are also probing DeepSeek’s practices, and fines of up to €20 million or 4 percent of global turnover are looming, according to a 2025 TechRadar report.
Will Data Transfers Threaten EU User Privacy?
DeepSeek’s storage of EU user data in China raises concerns due to Chinese national security laws, which could compel data sharing with authorities, per a 2025 European Data Protection Board study. The company’s privacy policy lacks transparency on data processing and legal bases, violating GDPR’s transparency principles. A 2025 ComplianceHub report notes DeepSeek’s failure to appoint an EU representative further exacerbates non-compliance, risking user privacy.
This mirrors Italy’s 2023 ChatGPT ban, which led to a €15 million fine for OpenAI. DeepSeek’s rapid global adoption, with millions of downloads, amplifies the urgency, as EU users face potential data exposure without consent, per a 2025 Politico report.
ALSO READ | Can Meta Balance User Freedom with Spoiler Responsibility?
Can DeepSeek Avoid a Broader EU Crackdown?
The investigation could trigger a domino effect across the EU’s 27 member states, as each data protection authority can act independently, per a 2025 Euro Weekly News report. Belgium’s consumer group Testachats filed a complaint over illegal data transfers, and Ireland’s Data Protection Commission is querying DeepSeek’s practices, per a 2025 Techdirt report. The EU AI Act, while not covering military AI, heightens scrutiny on data practices, per a 2025 Euronews report.
DeepSeek’s dismissive response to Garante, claiming the non-applicability of EU laws, has escalated tensions. Without swift compliance, more bans could follow, potentially locking DeepSeek out of the European market, per a 2025 Dataconomy report.
Chinese Data Practices Fuel Regulatory Tensions
DeepSeek’s data storage in China, without GDPR-compliant mechanisms, aligns with broader concerns about Chinese tech firms. A 2025 The Hacker News report highlights DeepSeek’s insufficient response to Garante’s inquiries, echoing issues with TikTok’s €530 million EU fine for data transfers. The lack of clarity on whether user data trains DeepSeek’s models, per a 2025 NatLawReview report, heightens risks of unauthorized data use.
As EU regulators prioritize data sovereignty, DeepSeek’s practices could set a precedent for stricter enforcement against non-EU AI firms, potentially reshaping cross-border data flows.
Did you know?
In 2023, Italy’s Garante temporarily banned ChatGPT, resulting in a €15 million fine for OpenAI, setting a precedent for swift GDPR enforcement against AI firms.
Non-Compliance Risks Market Exclusion
DeepSeek’s failure to address GDPR requirements, coupled with its January 2025 cyberattack exposing chat histories, undermines trust. The company’s claim of “commercially reasonable” security measures lacks specifics. With no EU presence, DeepSeek faces challenges responding to multiple regulators, risking further bans, as seen in Canada’s partial government device ban.
The EU’s aggressive stance, led by Italy’s Garante, signals a broader push to enforce data privacy, potentially isolating non-compliant AI firms from a key market.
What Lies Ahead for DeepSeek’s EU Operations?
Italy’s probe into DeepSeek’s Chinese data storage practices highlights critical GDPR violations, threatening its European market access. With multiple EU countries investigating and no clear compliance plan, DeepSeek risks broader bans. Its data practices underscore tensions between AI innovation and EU privacy standards, potentially reshaping global regulations. Can DeepSeek adapt to avoid exclusion from the EU market?
Comments (0)
Please sign in to leave a comment
No comments yet. Be the first to share your thoughts!