Italy Investigates DeepSeek AI Over Privacy Concerns: What You Need to Know

2025-01-29

Italy has launched a formal investigation into DeepSeek, a Chinese-developed chatbot, over serious privacy concerns related to its handling of user data. This investigation marks the first time a country has taken such action, highlighting the growing tension between innovative AI technologies and the protection of personal data.

On January 28, 2025, Italy’s data protection authority, the Garante, announced that DeepSeek, which has already gained millions of users globally, might be putting the data of Italians at significant risk. This move follows a report by Euroconsumers, a coalition of European consumer organizations, which flagged multiple violations of data protection laws, particularly the European Union’s General Data Protection Regulation (GDPR).

DeepSeek, a chatbot designed as a competitor to ChatGPT, is owned by two Chinese companies: Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence. With nearly 3 million downloads and a user base of 5-6 million worldwide, the app has raised red flags due to its data practices. Specifically, concerns have been raised over the transfer of European data to China without proper safeguards, unclear data usage for online profiling, and the handling of minors’ data.

The Garante has given the companies behind DeepSeek 20 days to respond to the complaint, demanding clarification on data usage and the potential risks associated with web scraping activities. This investigation comes after a similar case in 2023 when Italy temporarily banned ChatGPT for breaching GDPR rules.

What Undercode Says: The Bigger Picture of AI Privacy Issues

The DeepSeek investigation in Italy serves as a significant case study in the ongoing conflict between technological innovation and privacy concerns. As AI systems like chatbots continue to grow in popularity, the risks related to user data become increasingly evident. Italy’s swift action against DeepSeek comes as a reminder that national data protection agencies are under immense pressure to ensure companies comply with stringent privacy laws, especially when dealing with personal data in international contexts.

One of the key concerns with DeepSeek’s operations, as noted by the Garante, is the potential violation of the GDPR. This regulation mandates that any transfer of European personal data outside of the EU must be done with strict safeguards to protect users’ privacy. DeepSeek’s failure to meet these requirements, particularly by transferring data to China, could have serious implications for its future operations in the European market.

The lack of transparency in how DeepSeek uses personal data for profiling is another issue at the heart of the investigation. GDPR emphasizes the need for companies to clearly inform users about how their data will be used, especially when it involves automated decision-making processes like profiling. The opacity in DeepSeek’s policies regarding these practices could further undermine user trust.

Moreover, the absence of clear information on how long user data is retained also raises alarms. GDPR requires that personal data be stored only for as long as necessary for the purposes for which it was collected. Any failure to comply with this requirement can lead to severe penalties, as it violates the fundamental rights of individuals to have control over their own data.

The lack of age verification procedures within DeepSeek’s services is particularly troubling. GDPR sets out strict rules for handling data of minors, and without proper safeguards, DeepSeek could be in violation of these regulations. This highlights a growing issue in the AI industry, where many companies may overlook the specific needs and protections required when dealing with younger users’ data.

Looking beyond the specific case of DeepSeek, this investigation fits into a broader narrative about the role of AI in our lives and the data privacy challenges it presents. The rise of AI chatbots and other machine learning technologies has led to a surge in personal data collection. Companies often leverage vast amounts of user data to train AI models, making privacy concerns more complex.

While technological advancements bring significant benefits, such as enhanced efficiency and automation, the potential for abuse is significant. Without proper regulation and oversight, companies may misuse user data, leading to potential harm, including identity theft, data breaches, and manipulation.

The investigation into DeepSeek serves as a warning to other AI developers that user privacy cannot be sidelined in the pursuit of technological innovation. As the global digital landscape continues to evolve, more countries may follow Italy’s example and take action against companies that fail to comply with data protection laws.

In conclusion, while AI technologies like DeepSeek offer exciting potential, they also raise serious questions about how we protect personal data. As the investigation unfolds, the outcome could set an important precedent for how AI companies worldwide approach privacy issues, especially in regions with strong data protection regulations like the EU. For now, users should remain cautious about the apps they engage with and stay informed about their privacy practices to avoid potential risks.