DeepSeek’s privacy concerns have escalated into a formal regulatory challenge as German authorities take decisive action against the Chinese AI company’s data handling practices. Berlin’s commissioner for data protection and freedom of information, Meike Kamp, has officially reported DeepSeek to Apple and Google, demanding the removal of the AI chatbot from their respective app stores over alleged violations of European Union data protection laws.
The controversy centres on DeepSeek’s transfer of user data to China, which Kamp declared “unlawful” under current EU regulations. In a statement released late last month, the German official accused the Chinese company of failing to provide “convincing evidence” that users’ data was adequately protected, as mandated by European Union law.
The core of the allegations
Kamp’s concerns extend beyond simple data transfer issues. She highlighted that “Chinese authorities have far-reaching access rights to personal data within the sphere of influence of Chinese companies,” pointing to fundamental structural problems with how Chinese tech companies handle international user data.
This observation reflects broader geopolitical tensions around data sovereignty and national security. The German official also emphasised that “DeepSeek users in China do not have the enforceable rights and effective legal remedies guaranteed in the European Union,” suggesting that the company’s data protection framework falls short of EU standards regardless of geographical location.
Under the EU’s General Data Protection Regulation (GDPR), companies are prohibited from transferring data outside the European region unless specific safeguards exist in the destination countries. DeepSeek’s apparent failure to meet these requirements has triggered regulatory action across multiple EU member states.
A pattern of non-compliance
The situation has been exacerbated by DeepSeek’s alleged non-cooperation with regulatory authorities. Kamp revealed that her office had previously asked DeepSeek to either comply with EU laws for transferring data outside the bloc or withdraw its app from Germany. The company has reportedly chosen neither option, escalating the regulatory standoff.
This pattern of non-compliance isn’t isolated to Germany. Italy has already taken decisive action, banning DeepSeek from its app stores in January over similar data protection concerns.
The country’s data protection authority ordered a block on both Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence — the Chinese companies behind the DeepSeek chatbot — effectively forcing them to stop processing Italian users’ data.
The Italian ban was reportedly triggered after DeepSeek told authorities it would not cooperate with requests for information, demonstrating a concerning pattern of regulatory resistance.
Technical and security implications
Beyond regulatory compliance, studies have identified broader cybersecurity and safety issues with DeepSeek’s technology. Research has shown concerns over DeepSeek-R1’s susceptibility to generating harmful and biased content, raising questions about the platform’s content moderation capabilities and safety protocols.
The privacy concerns are compounded by China’s legal framework, which grants intelligence agencies broad access to data shared on mobile and web applications. This legal requirement creates inherent conflicts with European data protection principles, making compliance potentially impossible without fundamental structural changes.
The broader context
DeepSeek gained significant attention in January when it launched its AI model, claiming development costs were a fraction of competitors’ investments. This cost advantage initially generated industry excitement, but regulatory scrutiny has quickly shifted focus to privacy and security considerations.
The company’s rapid rise has coincided with increasing global scepticism about Chinese tech companies’ data practices. National security concerns have become paramount as governments worldwide grapple with the implications of allowing foreign AI companies access to citizens’ personal information.
What happens next
The immediate decision now rests with Apple and Google, who must review Kamp’s report and determine whether to remove DeepSeek from their app stores. This decision could set a significant precedent for how major tech platforms handle regulatory complaints about data privacy violations.
If both companies comply with the German request, it would effectively mirror Italy’s approach and could signal broader European consensus on DeepSeek privacy concerns. Such action might encourage other EU member states to take similar measures, potentially creating a continent-wide ban.
Above all, the case highlights the growing tension between rapid AI innovation and regulatory compliance, particularly when companies operate across different legal jurisdictions with varying data protection standards.
For DeepSeek, addressing these concerns may require fundamental changes to its data handling practices or acceptance of reduced market access in privacy-conscious regions.
