The Chinese AI company DeepSeek is under scrutiny as data protection watchdogs in Ireland and Italy raise concerns about how it handles personal data. The Irish Data Protection Commission (DPC) has confirmed that it has contacted DeepSeek to request details on how the company processes data belonging to Irish citizens.
A spokesperson for the DPC stated, “The Data Protection Commission has written to DeepSeek requesting information on the data processing conducted about data subjects in Ireland.” This request comes less than a day after Italy’s data watchdog made a similar inquiry into the company’s data handling practices.
DeepSeek has not responded publicly to these requests, but its mobile app has already been removed from the Google Play Store and Apple App Store in Italy. This move has raised further concerns about the company’s compliance with European data protection laws, particularly the General Data Protection Regulation (GDPR).
Italy warns that millions of users’ data could be at risk
The Italian Data Protection Authority has warned about the potential risks to users’ personal information. In its communication to DeepSeek, it stated, “A rischio i dati di milioni di persone in Italia” (“The data of millions of Italians is at risk”). The company has been given 20 days to respond to the request for information.
A major concern is that DeepSeek, which operates out of China, stores user data in its home country. While its privacy policy claims that data transfers comply with relevant protection laws, European consumer rights group Euroconsumers argues that this explanation lacks transparency.
Euroconsumers, which previously won a case against Grok over AI data training practices, has filed a complaint with Italy’s data watchdog. The complaint questions what personal data DeepSeek collects, where it comes from, and how it is used to train its AI systems. The Italian regulator also seeks clarity on the company’s legal basis for data processing and details about its data storage servers in China.
Additionally, the watchdog has asked DeepSeek to explain how it informs registered and non-registered users about their data being collected, mainly if the company gathers information through web scraping. Another key issue raised is DeepSeek’s lack of protections for minors using its services.
DeepSeek’s current policy states that its services are not intended for users under 18, but it does not enforce any age verification measures. The policy suggests that users between 14 and 18 should review its terms with an adult, but critics argue this is insufficient.
European Commission remains cautious on potential investigation
The European Commission has also noticed DeepSeek’s growing presence in Europe. During a recent press conference, Thomas Regnier, Commission Spokesperson for Tech Sovereignty, questioned the AI company’s privacy practices, security risks, and possible censorship concerns. However, the Commission has not confirmed whether it will launch a formal investigation.
Regnier stated, “The services offered in Europe will respect our rules,” referring to the EU’s AI Act and data protection regulations. However, he declined to say whether DeepSeek is complying with these regulations.
The unfolding situation suggests that DeepSeek could face more scrutiny from European regulators. For now, the company remains under pressure to provide clear answers about its data practices as concerns grow over the security and privacy of millions of users across Europe.
