DeepSeek faces intensified EU scrutiny over data privacy and AI security. Regulators demand transparency as privacy concerns grow amid its AI rise

Continue reading
The jury is still out on whether DeepSeek, the Chinese AI upstart that has taken the tech world by storm with its groundbreaking R1 model, is a game-changing force in AI or part of a larger strategy by its hedge fund parent company to disrupt markets. However, one thing is becoming evident: _DeepSeek’s rapid rise is attracting more than just attention—it’s now on the radar of regulators, and they are not happy._
Over the past few days, _data protection watchdogs in both Ireland and Italy_ have escalated concerns, sending urgent requests to DeepSeek about its data processing practices. The Irish Data Protection Commission (DPC) confirmed that it had formally reached out to DeepSeek, asking for detailed information on how it handles the data of Irish citizens. Meanwhile, the Italian Data Protection Authority (DPA) has gone a step further, pulling DeepSeek’s mobile app from major app stores in Italy after Euroconsumers—a coalition of consumer protection groups—filed a formal complaint regarding its handling of personal data under GDPR (General Data Protection Regulation).
The core of the issue lies in DeepSeek’s data practices. As a company operating out of China, where data laws differ significantly from those in Europe and the U.S., its privacy policies are raising serious red flags. For starters, DeepSeek’s app collects a vast amount of personal data, which it stores on servers in China. But here’s where it gets more complicated: According to its privacy policy, DeepSeek claims to transfer data in accordance with the laws of the country where the service is used—but this leaves a lot to interpretation. Both the Irish and Italian regulators have demanded more transparency on how and why personal data is being processed, especially as it relates to AI training and the legality of its data collection methods.
But the stakes are even higher—DeepSeek has come under fire for its apparent lack of transparency regarding web scraping practices and how it handles data from users who aren’t registered. The Italian DPA wants to know more about how DeepSeek scrapes data from the web and whether users are informed in advance about this practice. More troubling, the company has been unable to provide concrete assurances on how minors’ data is handled, despite claiming that its service isn’t intended for users under the age of 18.
The Italian DPA has given DeepSeek 20 days to respond. Their letter, bluntly stating that “millions of Italians' data is at risk,” signifies the gravity of the situation. It’s not just Italy—DeepSeek is under the spotlight across Europe, with more regulators potentially following suit.
What’s even more concerning is the apparent lack of safeguards for European users. Given DeepSeek’s operations in China, the Chinese government’s access to data is a well-known risk, and the European regulators are demanding clarity. As of now, DeepSeek has not responded publicly to these queries.
In an emergency press conference today, European Commission spokesperson Thomas Regnier weighed in on the growing concerns over DeepSeek’s security and privacy practices. For now, the EU has not launched an investigation but has stressed that the AI Act will apply to all AI services operating in Europe—regardless of their country of origin.
But the question remains: How will the EU handle the intersection of data privacy, security, and the power imbalance in AI? While the Commission remains cautious, the growing scrutiny from Italy and Ireland could be a harbinger of wider regulatory actions across the continent.
Amid the privacy concerns, another storm is brewing around DeepSeek’s AI training practices. Some reports from Microsoft and OpenAI suggest that DeepSeek may have used “distillations” from their proprietary models to train its own AI system, raising serious questions about intellectual property rights and potential copyright violations.
If these claims prove true, the ramifications could be immense. The potential legal battle over intellectual property could further complicate DeepSeek’s path to global legitimacy, especially when its AI models are already at the center of fierce debates over security and ethical usage.
As DeepSeek’s app continues to be removed from major platforms in Europe, the company faces a critical crossroads: respond to the mounting regulatory scrutiny, clarify its data practices, and potentially rethink its global strategy, or face ongoing pressure from regulators who are far from satisfied with its answers.
For now, DeepSeek is trying to stay under the radar, keeping a low profile while it navigates this web of regulatory and legal challenges. However, with Europe’s data protection authorities, consumer rights groups, and global tech companies watching closely, DeepSeek’s future as a player in the global AI race is more uncertain than ever.

A single ClickFix infrastructure is pushing StealC, Amatera, Remus, NetSupport, CastleLoader and a new loader called ResiLoader through fake Google/Cloudflare checks.