The Italian Data Protection Authority has launched an investigation into Chinese AI company DeepSeek, citing concerns about the potential misuse of personal data from millions of users in Italy. The watchdog sent requests for detailed information to Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, which operate the DeepSeek chatbot app.

At the heart of the inquiry are questions about the collection, storage, and usage of personal data by DeepSeek, including whether such data is stored on servers located in China. European regulators worry that the information could be exploited, posing a significant privacy risk.

The Italian authority is pressing DeepSeek for transparency on several fronts: the types of data collected, the sources of this information, the purposes of data processing, and whether the chatbot relies on web scraping activities. These practices raise particular concerns about how data from registered and non-registered users is handled. The company has 20 days to respond to the authority’s inquiries.

The investigation comes amid heightened scrutiny of DeepSeek, a Chinese AI startup that has rapidly gained international attention. Its AI chatbot recently became the most downloaded free app on Apple’s iPhone store, drawing comparisons to U.S.-developed ChatGPT. DeepSeek has been touted for achieving advanced AI capabilities at a fraction of the cost of its American counterparts, a development sparking geopolitical debates over AI leadership. noyb, a European privacy advocacy group, recently filed six General Data Protection Regulation (GDPR) complaints against similar companies.

DeepSeek’s latest model, R1, has been praised for its innovative “reasoning” capabilities and cost-efficient use of Nvidia’s H800 chips, which are not subject to U.S. export controls. However, this breakthrough has raised alarms about the implications for global competition in AI development and data security.

European Union data protection laws, under the GDPR, prohibit the transfer of personal data to countries that fail to meet EU privacy standards unless stringent safeguards are in place. DeepSeek’s alleged reliance on servers in China could put it in direct violation of these regulations.

Legal experts note that Chinese companies are required by law to provide user data to their government upon request, raising further fears about the potential misuse of European data. Transparency reports from companies like Xiaomi highlight the large-scale access Chinese authorities have to personal data, compared to minimal requests from EU governments.

Need Help?

If you’re concerned or have questions about how to navigate the global AI regulatory landscape, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight and ensure you’re informed and compliant.