Pierluigi Paganini February 03, 2025

Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks.

Texas Governor Greg Abbott banned Chinese AI company DeepSeek and Chinese-owned social media apps Xiaohongshu (RedNote) and Lemon8 from all state-issued devices.

The AI-powered chatbot, recently launched globally, has rapidly gained popularity reaching millions of users.

Texas is the first state to implement such a ban on these apps. Texas and other states banned TikTok on government devices.

“Texas will not allow the Chinese Communist Party to infiltrate our state’s critical infrastructure through data-harvesting AI and social media apps,” Abbott said. “Texas will continue to protect and defend our state from hostile foreign actors.”

U.S. users turned to Xiaohongshu before TikTok’s brief ban, using it as a TikTok alternative and protest. The app has 300M users across China and beyond.

Lemon8 is a Chinese company owned by ByteDance, the parent company of TikTok. The social media app also gained traction in the days leading up to the original TikTok ban on Jan. 19.

Last week, Italy’s data protection watchdog blocked Chinese artificial intelligence (AI) firm DeepSeek ‘s chatbot service within the country, citing a lack of information on its use of users’ personal data.

This week, Italy’s Data Protection Authority Garante asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing potential risks to user data.

“The Italian Data Protection Authority has sent a request for information to Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, the companies that provide the DeepSeek chatbot service, both web- and app-based.” reads the announcement. “Given the potentially high risk for millions of people’s data in Italy, the Authority asked the two companies and their subsidiaries to confirm which personal data are collected, the sources used, the purposes pursued, the legal basis of the processing, and whether they are stored on servers located in China.”

Italy’s Garante also asked DeepSeek AI about its training process, web scraping practices, and user notifications. Garante ordered the AI firm to provide details on the personal data it collects, its sources, storage locations, legal basis, and collection purposes.

Italy’s privacy regulator required a response within 20 days; however, the company’s insufficient response to concerns over user data protection triggered the Garante’s decision.

Despite the Authority’s findings, the companies claimed they do not operate in Italy and that European regulations do not apply. The Authority has also launched an investigation into the matter.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, DeepSeek)