Italian data protection authority launches investigation into DeepSeek AI over privacy concerns

The Italian Data Protection Authority (IDPA) has commenced an investigation into DeepSeek, an AI firm, raising concerns about privacy and the handling of personal data. This initiative follows the IDPA’s pattern of scrutinising major AI platforms, as observed in past evaluations of ChatGPT.

The Authority has requested detailed information from Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, the entities responsible for the DeepSeek chatbot service, in both its online and app-based forms. The central concern stems from the potential high risk to the personal data of millions of Italians, prompting the IDPA to question DeepSeek’s data collection sources, purposes, legal grounds, and storage locations, particularly focusing on any servers in China.

Further, the IDPA inquiry delves into the data utilised to train DeepSeek’s AI system. It seeks specific clarifications on the processing of personal data, especially if obtained through web scraping, aiming to assess how registered and non-registered users are informed about their data usage. This aspect underscores the priority of transparency and the necessity for obtaining informed consent. The investigation’s urgency is highlighted by the 20-day deadline given to DeepSeek to furnish the requisite information, characterising the IDPA’s approach as swift and firm given potential privacy risks within the EU.

This action by the IDPA coincides with ‘Data Protection Day’, emphasising the agency’s commitment to privacy issues and enhancing international awareness regarding data protection. It reflects a broader regulatory trend of increased scrutiny over AI technologies, ensuring stringent data protection standards are upheld. As AI advances, ensuring public trust and safeguarding personal information are deemed critical, and such regulatory measures are likely to become more prevalent.