In a decisive move underscoring the growing global scrutiny over artificial intelligence (AI) and data privacy, the Netherlands’ privacy watchdog, Autoriteit Persoonsgegevens (AP), has announced an investigation into Chinese AI firm DeepSeek. The investigation centres on alleged shortcomings in the company’s data collection practices and privacy policies, sparking widespread concern among regulators and users alike.
The AP’s statement, delivered by Chairman Aleid Wolfsen, emphasises “serious concerns” regarding DeepSeek’s handling of personal information. According to Wolfsen, the AP’s warning comes as a direct response to issues surrounding the firm’s privacy policies and its use of personal data. “We are issuing this warning because of serious concerns over DeepSeek’s privacy policies… and the manner in which personal information appears to be used,” Wolfsen stated. This cautionary note highlights a broader conversation about the balance between technological innovation and stringent data privacy standards, particularly within the realm of AI.
DeepSeek’s case is part of a wider trend where data privacy is increasingly scrutinized across the tech industry. With the advent of advanced AI applications, regulatory bodies across Europe are intensifying their oversight to ensure that companies adhere to strict data protection rules, notably under the General Data Protection Regulation (GDPR).
European Regulatory Response and Cross-Border Data Challenges
The AP’s decision to investigate comes on the heels of similar actions by European counterparts. Just last week, Italy blocked DeepSeek’s app due to privacy concerns, while both Ireland and France have actively sought details from DeepSeek regarding its data processing methods. These developments underscore the growing urgency among European regulators to enforce data protection rules, especially concerning the storage of European citizens’ personal data abroad.
European law mandates that personal data can only be stored outside the European Economic Area (EEA) under strict conditions—a regulation that DeepSeek must rigorously comply with if it wishes to operate in the region. This multi-country regulatory attention marks a pivotal moment for companies handling sensitive data and sets the stage for potentially unified EU actions against firms that fall short of GDPR requirements.
In a coordinated response to what many view as a significant breach of trust in data handling practices, the AP has confirmed ongoing communication with other EU regulatory bodies. This collaboration is intended to facilitate information exchange and to strategize further steps that may be taken to safeguard data privacy across the continent. The integrated approach reflects a strong commitment by EU regulators to create a consistent and robust framework for data protection, ensuring that innovative technologies do not compromise individual privacy rights.