DeepSeek Under EU Scrutiny for GDPR Compliance
DeepSeek, a Chinese AI company, is facing scrutiny from Euroconsumers and the Italian Data Protection Authority (DPA) over its data handling practices in relation to GDPR. The Italian DPA has requested detailed information from DeepSeek about the personal data it collects, its sources, purposes, and the legal basis for processing. Concerns have been raised about data transfers to China and the protection of minors on the platform. DeepSeek has 20 days to respond to the inquiry.
The Italian DPA’s request includes how DeepSeek informs users, both registered and unregistered, about data processing, especially if data is collected through web scraping. Euroconsumers also noted the lack of age verification measures and protections for minors, despite DeepSeek’s policy stating it is not intended for users under 18. The case highlights the growing focus on AI companies’ compliance with data protection regulations.
At a European Commission press conference, concerns were raised about DeepSeek’s compliance with EU data privacy and free speech rules. However, the Commission stated it is too early to discuss investigations, emphasizing that AI services in Europe must adhere to the region’s regulations. The UK Information Commissioner’s Office echoed this sentiment, stressing the importance of transparency from generative AI developers.
DeepSeek’s operations have sparked discussions about the costs of training and running AI models, with allegations that it may have used proprietary models from companies like Microsoft and OpenAI. This situation underscores the ongoing debates around intellectual property and copyright in AI development. The outcome of the Italian DPA’s inquiry may set a precedent for how AI companies manage data protection and privacy in Europe.
