DeepSeek making a splash with EU data protection bodies
Source: Euractiv
DeepSeek’s emergence in the European digital space has been closely watched by national data protection authorities, who are concerned the company is breaching the GDPR by transferring EU personal data to China.
Euractiv has contacted all data protection authorities (DPAs) in the EU about their plans to investigate DeepSeek’s processing of personal data.
Of the 16 DPAs that responded, seven recorded ongoing or upcoming requests for information and formal investigations.
Requests for information and possible looming investigations
The Italian data protection authority, which was the first to request information from the Chinese company on 28 January, blocked the app on 30 January, opposing Deepseek’s claims that the app was not operating in Italy and that EU law does not apply to it.
The Irish Data Protection Commission and the Croatian authority have also written to the company requesting information.
Belgium‘s DPA reportedly opened a formal investigation on 30 January after consumer organisation TestAchat filed a complaint, a letter seen by Euractiv reads.
France‘s CNIL also confirmed to Euractiv that its AI service would analyse DeepSeek’s tools and request further information from the company. However, it clarified that no complaint had been lodged with it.
The Luxembourg authorities said they are “exploring possibilities” to investigate the company, and were joined by the Netherlands on Friday evening.
German DPAs discussed the matter in a joint meeting on AI on 29 January and are coordinating their actions, the Berlin DPA told Euractiv. Rhineland-Palatinate also confirmed that it will launch a formal investigation, but has not yet formally done so.
But the regional DPAs for Saarland, Mecklenburg-Vorpommern, and Berlin told Euractiv that they do not currently have any open investigations. Saarland will wait for a coordinated approach with other German DPAs before deciding how to proceed.
The DPAs from Berlin, Saarland and Luxembourg confirmed to Euractiv that they had not not received any complaints about DeepSeek.
Will the EU intervene?
The European Data Protection Board (EDPB), where national DPAs could coordinate their efforts, indicated that it had not yet been decided whether this would be on the agenda of its next meeting on 11-12 February.
However, the Luxembourg DPA told Euractiv that it is exploring the possibility of cooperating with other DPAs within the framework of the EDPB.
Commission spokesman Thomas Regnier confirmed that while national data protection authorities are independently responsible for enforcing the GDPR, the AI office is monitoring developments in the AI market.
Next steps from some DPAs still unclear
For other DPAs, it is still unclear what actions they will take.
The Portuguese DPA, for example, did not respond to Euractiv’s request for comment, although the Portuguese consumer organisation DECO PROtest filed a complaint with the national authority.
The Maltese, Romanian, Czech, Spanish and Lithuanian DPAs also confirmed to Euractiv that they had not received any complaints about DeepSeek, but did not say more.
Austria, Bulgaria, Cyprus, Denmark, Estonia, Finland, Greece, Hungary, Latvia, Poland, Portugal, Slovakia, Slovenia, Sweden, and 13 out of 17 German DPAs have not yet replied to Euractiv’s request for comments.
DeepSeek did not provide any comments to Euractiv at the time of writing.
[DE]
The original article: belongs to Euractiv .
