Data protection authorities initiate proceedings against DeepSeek

After various authorities and IT security experts expressed considerable security concerns about the Chinese AI application DeepSeek, eight state data protection commissioners have joined forces for a “coordinated review procedure”. The Rhineland-Palatinate State Data Protection Commissioner had already announced that he was preparing a review procedure. The procedures, which started on February 14, are intended to clarify “whether the two Chinese companies behind DeepSeek have appointed a representative in the European Union”, according to a press release by Alexander Roßnagel, the data protection officer for the state of Hesse.

Insofar as DeepSeek offers services in the EU but has not appointed a representative in the EU, this constitutes a breach of the General Data Protection Regulation – specifically Art. 27 para. 1 –. Such an infringement can be punished with a fine. Other state data protection commissioners examining the case are from Rhineland-Palatinate, Baden-Württemberg, Thuringia, Saxony-Anhalt, Hesse, Bremen, and Berlin.

The South Korean government recently banned the use of DeepSeek due to inadequate data protection, as reported by the media. The ban will only be lifted once “improvements and corrective measures” have been implemented. Previously, several ministries had already banned the application. The reason given was the collection of data. Italy had also banned DeepSeek due to data protection concerns. The extensive storage of user data and the potential manipulability of the application for criminal purposes and the extent to which Chinese spies have access to user data have been criticized.

(mack)