What’s Happening?
The rapid rise in popularity? Here’s Italy’s Data Protection Authority (DPA). Italy’s Data Protection Authority (DPA) has officially asked DeepSeek, a Chinese AI company, to clarify how it handles user data. This is the first significant regulatory action against DeepSeek since its rise in popularity.
Before going to the actual news, I came across the company’s privacy policy and pointed out big red flags everyone should read:
- Data Storage? All in China. There’s no mention of any EU-approved data transfer mechanisms required if they handle EU user data.
- There is no EU Representative. Despite actively serving European users, DeepSeek has not designated a Data Protection Officer (DPO), an essential GDPR requirement.
- What About User Rights? They don’t clearly explain how EU users can exercise their data rights under GDPR.
- Vague on Data Retention & Legal Basis. There’s no clear breakdown of how and on what legal grounds they’re processing user data. GDPR requires specificity, and this policy just doesn’t have it.
Why Is This a Big Deal?
- Lack of Transparency: What data does DeepSeek collect, its use, and how is it all gathered? Regulators want to know each and everything.
- Children’s Data at Risk? Deepseek started with an agenda of only 18+. However, the DeepSeek minors’ data policy is still unclear. Regulators worry about minor’s data protection.
- Possible Censorship Issues: Europe works on ‘Free Speech Mode’.Since Chinese AI and GDPR compliance can be controversial, there are concerns about whether it censors politically sensitive topics.
What are people and experts saying?
Italy’s no-nonsense approach is a masterclass in governance. It tells the world that compliance isn’t optional, whether you’re a Silicon Valley giant or an ambitious Chinese newcomer. Italy is a nation that guards privacy and sets a standard for ethical, transparent, and responsible AI. Clara Lin Hawking – an AI governance specialist, in her recent post on LinkedIn.
I would be very cautious about using Deepseek’s models in an enterprise setting and as a private citizen. – Simone Bussu Simm, a Data Analysis Specialist, in his recent post on LinkedIn.
What’s Next?
- DeepSeek has 20 days to respond to the Italian authorities.
- More European regulators may investigate DeepSeek’s privacy practices.
- The European Commission on DeepSeek monitors the situation but hasn’t launched a formal investigation yet.
Italy is the first country to challenge DeepSeek GDPR compliance, but it might not be the last. If the AI company fails to comply with GDPR, it could face serious legal and financial consequences in Europe. Will Italy’s Data Protection Authority (DPA) put a full stop to DeepSeek’s popularity, grabbing their #1 spot on the Apple Store?
Read More: DeepSeek vs The Tech Giants: The AI Disruption No One Saw Coming