The Italian Data Protection Authority (DPA) has taken a significant step in addressing data privacy concerns by filing a complaint against DeepSeek, a prominent large language model developed in China. The DPA's complaint centers on allegations related to the mishandling of personal data, potentially breaching the General Data Protection Regulation (GDPR). Alongside the Italian DPA, Euroconsumers, a coalition of European consumer groups, has also lodged a complaint against DeepSeek. These actions underscore growing concerns about how the company collects, stores, and transfers personal data.
DeepSeek, known for its advanced language processing capabilities, has faced scrutiny due to its ambiguous data collection and transfer practices. The Italian DPA seeks clarity on several key aspects of DeepSeek's operations. Notably, it demands information on the types of personal data collected, the sources of this data, and the purposes for which it is used. Additionally, the DPA has expressed interest in understanding how DeepSeek ensures compliance with data protection laws, especially in light of its operations being centralized in China.
A specific point of contention is DeepSeek's age policy. The platform states it is not intended for users under 18 years old; however, it lacks robust mechanisms to enforce this policy. This gap in protection for minors is a primary concern for both the Italian DPA and Euroconsumers. The Italian DPA has requested detailed information on how DeepSeek safeguards or restricts minors on its platform. Euroconsumers emphasized that there is an absence of age verification processes and inadequate handling of minors' data.
DeepSeek has 20 days to respond to the Italian DPA's request for information. The company must provide comprehensive details about its data protection measures, particularly concerning its server operations based in China. The Italian DPA seeks transparency regarding these servers, questioning how they align with European data protection standards.
DeepSeek's policy mentions that data transfers to China are conducted "in accordance with the requirements of applicable data protection laws." However, this brief assurance has not assuaged concerns from European authorities or consumer groups. The European Commission has joined the chorus of concern, citing issues related to security, privacy, and censorship linked to DeepSeek's operations.
Thomas Regnier, the Commission Spokesperson for Tech Sovereignty, emphasized that services provided in Europe must adhere to European regulations. He stated:
“The services offered in Europe will respect our rules.”
Regnier also noted that the current phase is preliminary and not yet an official investigation.
“These are very early stages, I’m not talking about an investigation yet.”
The Italian DPA's move reflects a broader trend among European authorities to scrutinize foreign technology companies operating within their jurisdiction. With increasing reliance on digital services and platforms, ensuring compliance with GDPR and other data protection laws remains a top priority.
Leave a Reply