DeepSeek faces regulatory scrutiny in Europe over data privacy

European regulators increase pressure on DeepSeek amid concerns over data collection and AI transparency.

This illustration shows the DeepSeek AI application logo displayed on a cell phone against a white background with a kaleidoscope effect in Paris, France, on January 28, 2025. Photo by Samuel Boivin/Nur/Getty Images

By Alana Salsabila and Clarisa Sendy

DeepSeek, a rapidly growing Chinese artificial intelligence startup, is under increasing scrutiny from European privacy regulators. The European Data Protection Board (EDPB) warned on Tuesday that the company could face more regulatory actions in the future as concerns mount over its data collection practices.

The warning follows Italy’s recent ban on DeepSeek’s chatbot, citing a lack of transparency in its use of personal data. Meanwhile, privacy regulators in France, the Netherlands, Belgium, Luxembourg, and other EU nations have launched investigations into the company’s handling of user information.

EU privacy watchdog expands AI taskforce

In response to growing concerns, the EDPB announced that it has expanded the scope of its existing AI taskforce, which was originally created in April 2023 to monitor OpenAI’s ChatGPT. This move reflects the European Union’s heightened focus on AI-driven data privacy issues.

A spokesperson for the EDPB confirmed the development in an email following a monthly meeting of national privacy regulators. "Several DPAs (data protection authorities) have already started actions vis-a-vis DeepSeek, and there may be further actions in the future," the spokesperson stated.

Quick response team set up for urgent AI privacy issues

Recognizing the urgency of AI-related privacy risks, the EDPB also announced the formation of a quick response team. This new unit will coordinate actions among national regulators to address pressing concerns related to AI-driven data processing and privacy violations.

"In addition, the EDPB members underlined the need to coordinate DPAs' actions regarding urgent sensitive matters and for that purpose will set up a quick response team," the spokesperson added. This move signals the EU’s commitment to enforcing stringent privacy standards for AI companies operating within its jurisdiction.

Italy’s DeepSeek ban sparks wider regulatory review

Italy was the first EU country to take decisive action against DeepSeek, blocking access to its chatbot over concerns about how it processes user data. The Italian data protection authority, known as Garante, cited a lack of transparency in the AI model’s data collection and potential violations of the General Data Protection Regulation (GDPR).

Italy’s decision has prompted other European regulators to accelerate their own investigations. Authorities in France, the Netherlands, Belgium, and Luxembourg have raised similar concerns, questioning whether DeepSeek complies with the EU’s strict data privacy laws.

GDPR: The world's toughest privacy law

The European Union has been a global leader in data privacy protection. Its General Data Protection Regulation (GDPR), which came into effect in 2018, is widely regarded as the most stringent privacy law in the world. Under GDPR, companies that collect and process personal data must adhere to strict guidelines, ensuring transparency, user consent, and data security.

AI-driven platforms like DeepSeek must comply with GDPR requirements, including clear disclosures on how user data is collected and processed. Any failure to meet these standards can result in heavy fines and regulatory action.

DeepSeek’s impact on the AI landscape

DeepSeek has gained significant attention as a low-cost alternative to major AI platforms like OpenAI’s ChatGPT and Google’s Gemini. Its affordability and rapid adoption have made it a popular choice among users, but its data practices have drawn increasing regulatory scrutiny.

Unlike its Western counterparts, DeepSeek operates under China’s regulatory framework, which has raised concerns among European authorities about data security and potential government oversight. These factors have contributed to growing skepticism about whether the AI company aligns with GDPR standards.

What’s next for DeepSeek in Europe?

The intensified regulatory focus on DeepSeek signals potential challenges for the company as it seeks to expand in Europe. With multiple national regulators investigating its data practices, the company may be required to implement stricter privacy measures or face further bans across the region.

The expansion of the EDPB’s AI taskforce and the establishment of a quick response team suggest that European regulators are preparing for broader enforcement actions against AI firms that fail to comply with GDPR.

As the EU continues to lead global efforts in data privacy, DeepSeek's ability to adapt to these regulations will determine its future in the European market. Whether the company can address regulatory concerns and build trust among European users remains to be seen.

Explore more in DeepSeek