Data Protection Authorities Initiate Proceedings Against DeepSeek

In response to growing concerns regarding the Chinese AI application DeepSeek, data protection authorities from seven German federal states have united to commence a coordinated review process. The initiative arises from the lack of an appointed EU representative by DeepSeek, prompting scrutiny into whether the companies behind the application comply with EU regulations.

The investigation, which began on February 14, aims to determine if the Chinese firms associated with DeepSeek have designated a representative within the European Union. According to Alexander Roßnagel, the Hessian State Data Protection Officer, failure to appoint a representative for services offered in the EU constitutes a violation of the General Data Protection Regulation (GDPR), specifically Article 27, Section 1. Such non-compliance could lead to substantial fines.

In addition to the authorities from Rheinland-Palatinate, the review involves officials from Baden-Württemberg, Thuringia, Saxony-Anhalt, Bremen, and Berlin. Reports indicate that the South Korean government has recently prohibited the use of DeepSeek due to inadequate data protection measures. This ban will remain in effect until the application implements necessary improvements and corrective actions.

There have been prior instances of governmental agencies restricting access to the application, primarily due to concerns over data collection practices. Italy has also taken similar action against DeepSeek, citing privacy issues. Critics raise alarms over the extensive retention of user data and the potential for manipulation of the application for illicit purposes, as well as the risk of unauthorized access by Chinese state actors.