Chinese AI startup DeepSeek is now facing scrutiny and agencies are seeking to know the way it handles personal data. European consumer groups teamed up with the Italian Data Protection Authority (DPA) is to file a complaint questioning whether DeepSeek complies with the General Data Protection Regulation (GDPR) in protecting personal data within the European Union. It is one of the first such regulatory responses to recent rise in prominence of DeepSeek.
The Italian DPA has written to DeepSeek and requested for detailed information about its data practices. The authority has expressed concerns that the data of millions of Italians is at risk and has the company now has 20 days to respond. The DPA is specifically asking DeepSeek to confirm which types of personal data is being collected, where that data comes from and how it is used. DeepSeek claims that the data transfers to China are conducted in accordance with applicable data protection laws.
The DPA is also asking DeepSeek to clarify what kind of data is used to train its artificial intelligence systems and whether personal data is being collected through web scraping. The authority wants to know the way users are informed about the way their data is being processed. The Italian DPA has given DeepSeek a 20-day window to provide the requested information.
The growing scrutiny highlights the increasing concerns around AI companies and their handling of personal data.
