Pierluigi Paganini January 30, 2025

Italy’s data privacy regulator Garante has requested information from Chinese AI company DeepSeek regarding its data practices.

Italy’s Data Protection Authority Garante has asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data.

“The Italian Data Protection Authority has sent a request for information to Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, the companies that provide the DeepSeek chatbot service, both web- and app-based.” reads the announcement. “Given the potentially high risk for millions of people’s data in Italy, the Authority asked the two companies and their subsidiaries to confirm which personal data are collected, the sources used, the purposes pursued, the legal basis of the processing, and whether they are stored on servers located in China.”

Italy’s Garante also asked DeepSeek AI about its training process, web scraping practices, and user notifications. Garante ordered the AI firm to provide details on the personal data it collects, its sources, storage locations, legal basis, and collection purposes.

Italy’s privacy regulator requires a response within 20 days.

In early April 2023, the Italian Data Protection Authority temporarily banned ChatGPT due to the illegal collection of personal data and the absence of systems for verifying the age of minors.

The Authority pointed out that OpenAI does not alert users that it is collecting their data.

At the time the privacy watchdog said that there is no legal basis underpinning the massive collection and processing of personal data to ‘train’ the algorithms on which the platform relies.

The Authority carried out some tests on the service and determined that the information it provides does not always match factual circumstances so inaccurate personal data are processed.

The Authority claims that ChatGPT exposes minors to inappropriate responses for their age despite the service being designed to respond to users aged above 13.

A few weeks later, OpenAI announced that access to its chatbot service ChatGPT was allowed again in Italy after the company met the demands of regulators.

The DeepSeek’s AI Assistant app is one of the most downloaded apps in different countries on the Apple App Store. However, this week the company announced they were forced to disable registrations for its DeepSeek-V3 chat platform following a “large-scale” cyberattack.

“Due to large-scale malicious attacks on DeepSeek’s services, we are temporarily limiting registrations to ensure continued service. Existing users can log in as usual. Thanks for your understanding and support.” reads a statement published by the company on its status page.

The AI company did not share details about the attack or its origin, however likely the platform was targeted by a massive DDoS attack.

The Chinese company’s app was removed from the iPhone App Store and Google Play Store in Italy, where it was the most downloaded free app. The removal’s cause is still unclear, but it may be a defensive action following scrutiny from the Data Protection Authority.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Garante)