DPC questions DeepSeek’s data processing of Irish users

30 Jan 2025

Image: © PixieMe/Stock.adobe.com

Italy’s data watchdog has also made a similar request to DeepSeek.

As DeepSeek’s popularity continues to surge, Ireland’s Data Protection Commission (DPC) has requested information from the Chinese AI start-up about how it processes data from Irish users.

The start-up’s R1 open-source AI model has made waves in the technology sector since its release on 20 January, showcasing capabilities on a par with industry heavyweights such as OpenAI’s ChatGPT and Anthropic’s Claude 3.5 Sonnet, while claiming to need less than $6m to train the model – a fraction of what it costs its US competitors.

However, according to its privacy policy, the company’s chatbot – estimated to have been downloaded millions of times by users worldwide – transfers personal information collected from users to servers located in China, raising concerns over privacy issues. Experts have previously raised alarm over China’s data protection laws, alleging that it does not limit access by authorities.

Responding to the concerns, a spokesperson for the DPC told news outlets that the watchdog has “written to DeepSeek requesting information on the data processing conducted in relation to data subjects in Ireland”.

Meanwhile, in a statement on Tuesday (28 January), the Italian data protection authority, Garante, also made similar requests to the company.

It asked Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence – the companies that provide the DeepSeek chatbot service – “to confirm which personal data are collected, the sources used, the purposes pursued, the legal basis of the processing and whether they are stored on servers located in China”.

Moreover, it has also asked the start-up about what kind of information it uses to train its AI, and if personal data is collected through web scraping, to clarify how individuals – including those who have not registered for the service – are informed on data processing.

Garante has given the companies 20 days to respond to its queries. Furthermore, reports suggest that Italy has removed the DeepSeek app from app stores in the country.

Meanwhile, the White House press secretary Karoline Leavitt told reporters earlier this week that the US National Security Council is reviewing DeepSeek’s security implications.

However, the open-source AI model is available for download and can be hosted on private computers, which, Andrew Stiefel, a senior product marketing manager at open-source security company, Endor Labs, said would reduce concerns around privacy issues.

“The core models are available on Hugging Face, and if you’re hosting them yourself, there isn’t any indication at this time that data is being shared with the Chinese government,” he said.

“Open source AI models are not inherently risky; many argue they’re safer to use than proprietary models because they’re built in the open. But there are valid questions about whether DeepSeek models are safe to use because the maintainers are in China.

“There are security and operational reasons to consider blocking use of DeepSeek R1, but it’s not necessarily ‘worse’ than other models, at least if you are hosting and tuning the model yourself.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Suhasini Srinivasaragavan is a sci-tech reporter for Silicon Republic

editorial@siliconrepublic.com