Italy Investigates DeepSeek Over Data Privacy, App Pulled from Stores

Italy’s data protection authority has launched an inquiry into DeepSeek, a Chinese AI startup, following concerns over its handling of personal data. The move follows a formal complaint from Euroconsumers, a coalition of European consumer groups, alleging potential violations of the General Data Protection Regulation (GDPR).

The Italian Data Protection Authority (DPA) confirmed that it has sent DeepSeek a request for information, stating, “A rischio i dati di milioni di persone in Italia”—or, “The data of millions of Italians is at risk.” DeepSeek has 20 days to respond.

DeepSeek’s Data Practices Under Scrutiny

DeepSeek, which has recently gone viral, operates out of China and stores its collected data on servers within the country. While its privacy policy claims that data transfers comply with applicable regulations, Euroconsumers and the Italian DPA are demanding more transparency regarding:

• The types of personal data collected

• Data sources and usage, including AI training data

• The legal basis for processing personal data

• Security measures for data stored in China

• Web scraping practices and user notifications

Additionally, concerns have been raised over DeepSeek’s lack of age verification mechanisms. While the company states its platform is not intended for users under 18, it does not enforce this restriction.

Regulatory Response and Potential Broader Action

Euroconsumers and Italian authorities represent the first formal challenge to DeepSeek’s practices in Europe, but further investigations could follow. During a European Commission press conference, Tech Sovereignty Spokesperson Thomas Regnier acknowledged that all AI services operating in the EU must comply with regional laws. However, he refrained from commenting on whether DeepSeek currently meets those standards, emphasizing that it is too early to determine if an investigation will take place.

Similarly, the UK’s Information Commissioner’s Office (ICO) stated that generative AI developers must provide clear and accessible information about personal data usage. While ICO has not taken direct action against DeepSeek, it reinforced its commitment to enforcing transparency measures when necessary.

Possible Copyright and IP Questions

Beyond privacy concerns, industry experts are also questioning DeepSeek’s AI training methods. Reports suggest that Microsoft and OpenAI suspect the company may have used “distillations” of proprietary models, raising potential intellectual property and copyright issues. If proven, this could expose DeepSeek to further legal challenges.

DeepSeek Pulled from Italian App Stores

Shortly after the Italian DPA’s request for information, DeepSeek’s app was removed from Apple’s App Store and Google Play in Italy. However, the service remains accessible online. The app has gained massive popularity worldwide, topping download charts in multiple countries, including the United States.

As European regulators continue to assess DeepSeek’s compliance with GDPR and AI governance rules, the case may set a precedent for how AI companies from outside the region are scrutinized and regulated.

What This Means

Italy’s move signals increased regulatory attention on AI platforms, particularly those operating outside the EU. If DeepSeek fails to provide satisfactory answers within 20 days, further action—including potential fines or restrictions—could follow. Meanwhile, similar investigations in other European countries remain a possibility as authorities seek to ensure compliance with regional privacy laws.

Editor’s Note: This article was created by Alicia Shapiro, CMO of AiNews.com, with writing, image, and idea-generation support from ChatGPT, an AI assistant. However, the final perspective and editorial choices are solely Alicia Shapiro’s. Special thanks to ChatGPT for assistance with research and editorial support in crafting this article.