China’s DeepSeek AI, a rapidly growing chatbot, has drawn the attention of European regulators shortly after achieving viral success. The artificial intelligence service quickly became the top-rated free app on Apple’s App Store in the US and multiple other regions. However, its rise has triggered concerns over data privacy, particularly within the European Union.
As reported by TechCrunch, the Italian Data Protection Authority, known as Garante, has formally requested information from DeepSeek regarding potential risks to the personal data of millions of users in Italy. Garante plays a key role in ensuring compliance with the General Data Protection Regulation (GDPR) within the country.
Italian Watchdog Demands Transparency on Data Handling
In an official statement on its website, Garante confirmed that it has contacted DeepSeek’s offices in both Hangzhou and Beijing. The authority is seeking detailed explanations about the type of personal data collected by the AI chatbot, the specific purposes for which it is used, and whether this data is stored on servers located within China.
DeepSeek’s privacy policy acknowledges that it transfers users’ personal data to China-based servers. The company states that such transfers are conducted in compliance with applicable data protection regulations. However, the Italian authority wants further clarification on how these legal requirements are being met.
Concerns Over AI Training Data and Web Scraping Practices
Additionally, Garante has raised concerns regarding the methods DeepSeek employs to train its AI models. If the chatbot relies on web scraping, the authority is demanding transparency on how both registered and non-registered users are informed about data collection and processing.
Meanwhile, a Bloomberg report indicates that tech giants Microsoft and OpenAI are investigating whether DeepSeek improperly accessed OpenAI’s data for training purposes. Allegedly, in late 2024, a group of users exfiltrated a significant volume of data via OpenAI’s API. Microsoft’s security researchers reportedly suspect a connection between this data breach and DeepSeek’s AI model.
Regulatory Pressure and National Security Implications
DeepSeek now has 20 days to respond to Garante’s inquiries. Failure to provide satisfactory answers could result in further regulatory scrutiny or penalties under GDPR regulations.
Beyond Europe, the chatbot has also caught the attention of US authorities. According to Reuters, officials in the United States have begun assessing potential national security risks associated with the China-based AI service. Given rising geopolitical tensions and increasing concerns over AI-driven data security, DeepSeek AI is now at the center of a growing international debate over privacy and compliance in the age of artificial intelligence.
