The DeepSeek app has quickly hit the top of appstore download charts. However, while the markets reacted, people downloaded and governments strategised, Euroconsumers and its members were standing up for consumers’ interests by scrutinising DeepSeek’s handling of people’s personal data.
Non-EU companies like DeepSeek AI must comply with the EU’s General Data Protection Regulation (GDPR) if they are offering of goods or services to European data subjects.
The analysis has found that DeepSeek’s data processing is contrary to the GDPR. Our Italian member, Altroconsumo filed a report with the Italian Data Protection Authority requesting a temporary restriction on DeepSeek’s processing of Italian users personal data due to several concerns including:
- Personal data of European users is transferred to China without proper safeguards (e.g. standard contractual clauses (SCCs) or binding corporate rules (BCRs). Chinese law allows state access to data without guarantees of transparency or proportionality, but under the GDPR, personal data can only be transferred to a third country if that country is deemed to provide adequate levels of protection or if special agreements are in place
- The privacy policy published on the official website reveals multiple violations of European and national data protection regulations
- Incomplete Information: there is insufficient details on data retention, user rights, and data categories
- Profiling: it is unclear if data is used for profiling or automated decisions
- Rights of Data Subjects: there are ambiguous procedures for exercising rights
- Children: there are no details on age verification or handling data of minors.
DeepSeek’s GenAI tech works fast but so do Euroconsumers and its members who took swift action on a lack of security and protection for consumers’ data
Read More
