Introduction
DeepSeek [1] [2] [3] [4] [5] [6] [7] [8] [9], a Chinese AI chatbot launched in January 2025, has encountered significant scrutiny and widespread bans due to serious privacy and security concerns. The chatbot’s rapid rise in popularity has been overshadowed by a large-scale cyberattack and subsequent investigations into its data handling practices, leading to global regulatory actions.
Description
DeepSeek [1] [2] [3] [4] [5] [6] [7] [8] [9], a Chinese AI chatbot launched in January 2025, has faced significant scrutiny and widespread bans due to serious privacy and security concerns. Following its rapid rise in popularity, the chatbot was targeted by a large-scale cyberattack that exposed critical vulnerabilities in its data handling practices, including weak encryption and potential data leaks to state-linked entities [6]. Governments and regulators around the world have raised alarms regarding its data practices, highlighting potential national security risks and non-compliance with data protection laws [7]. Italy was the first country to ban DeepSeek, citing violations of the General Data Protection Regulation (GDPR) after an investigation by the Italian Data Protection Authority. The agency has also imposed restrictions on processing data of Italian users until further clarification on DeepSeek’s data management practices is provided [8]. Subsequently, Ireland [1] [5] [9], Belgium [5], France [1] [5] [9], and several other EU nations initiated inquiries into DeepSeek’s data processing practices [5], particularly regarding the handling of personal information and data storage in China [9].
In South Korea [1] [2] [3] [4] [5] [6] [8] [9], the government has temporarily halted downloads of DeepSeek from Apple and Google app stores due to privacy concerns raised by local authorities. The app [1] [2] [3] [4] [5] [6] [7] [8] [9], which quickly gained over a million weekly users in South Korea [1], faced bans from multiple government agencies for work-related use [1]. The Personal Information Protection Commission (PIPC) identified deficiencies in the app’s communication features and data processing practices [2], noting that the app collects data through unsecured channels and shares user information with third-party providers without proper safeguards [2]. While existing users can still access DeepSeek through web browsers [3], the PIPC has advised against sharing personal information through the app until further notice [2], recommending that users delete the app or refrain from entering personal information until the privacy issues are resolved [4]. The app will remain suspended until it resolves these issues and complies with the Personal Information Protection Act (PIPA) [2]. Additionally, South Korea’s Ministry of Trade [8], Industry and Energy has prohibited its employees from using the app due to security concerns [8], with the acting president expressing worries about its potential impact on industries [9]. Taiwan has also banned the app’s use in government departments due to cybersecurity concerns, while Australia has classified DeepSeek as an “unacceptable risk” to national security [7], clarifying that its ban is based on the risks it poses rather than solely its Chinese origins.
In the United States [1] [3] [9], various organizations [5], including NASA and the US Navy [5], have banned or restricted DeepSeek due to privacy and security issues [5]. Several states [3] [5] [9], including Texas [3] [6] [7] [9], Virginia [2] [3], and New York [2] [3], have enacted laws prohibiting government employees from using the app [3], and lawmakers are preparing a federal ban on DeepSeek for federal devices [9]. Investigations into the chatbot’s privacy policy have revealed extensive personal data collection practices [5], including the gathering of IP addresses and personal information, raising alarms about data sharing with third parties and the lack of clarity regarding data retention [5]. A lawmaker has even suggested imposing jail time for individuals using the app [1]. The open-source nature of DeepSeek further complicates its safety, as modifications can compromise its safety mechanisms [6], increasing the risk of exploitation and harmful content generation [6].
Developed to compete with AI models like ChatGPT and Gemini [7], DeepSeek utilizes natural language processing and deep learning [7], gaining attention for its reasoning and coding capabilities [7], supported by Chinese government initiatives for domestic AI development. However, concerns persist regarding its data storage practices [7], particularly the storage of user data on servers in China [7], which could allow access by Chinese authorities and raise serious privacy and foreign surveillance concerns [7]. Experts consider DeepSeek a notable threat to national security [3], as its technology facilitates rapid data processing that could uncover and exploit security vulnerabilities [3].
In response to regulatory scrutiny [7], DeepSeek asserts that it operates within legal frameworks and has removed its app from certain markets [7]. The company is also working on launching a new AI model [7], R2 [7], aimed at enhancing reasoning and coding capabilities [7], particularly in languages beyond English [7]. As AI technology evolves [7], governments are increasing oversight to safeguard data privacy and national security [7]. The situation with DeepSeek underscores the urgent need for AI companies to comply with stringent international data protection laws [7]. With the rise of AI adoption [7], heightened scrutiny regarding how AI chatbots manage personal and sensitive data is expected [7]. For DeepSeek to regain trust [7], it must enhance its privacy policies and adhere to global regulations [7], especially in light of the current lack of cohesive US federal AI policy, which poses regulatory challenges that may hinder the country’s leadership in AI development and data governance [6].
Conclusion
The case of DeepSeek highlights the critical importance of robust data protection and security measures in AI technologies. The global response underscores the potential national security risks associated with inadequate data handling practices and the necessity for AI companies to comply with international data protection laws. As AI continues to evolve, the scrutiny on data privacy and security will intensify, necessitating stronger regulatory frameworks to ensure the safe and ethical deployment of AI technologies.
References
[1] https://www.lowyat.net/2025/342867/south-korea-bans-deepseek-citing-privacy-concerns/
[2] https://www.infosecurity-magazine.com/news/south-korea-suspends-deepseek/
[3] https://www.analyticsinsight.net/news/deepseek-ai-chatbot-banned-in-multiple-countries-over-privacy-and-security-risks
[4] https://www.republicworld.com/world-news/deepseek-pauses-chatbot-app-downloads-in-south-korea-over-privacy-concerns
[5] https://www.tomsguide.com/computing/online-security/deepseek-ai-banned-by-nasa-us-navy-and-more-over-privacy-concerns
[6] https://www.csis.org/analysis/delving-dangers-deepseek
[7] https://www.michalsons.com/blog/deepseek-banned-over-privacy-concerns/77138
[8] https://www.devdiscourse.com/article/international/3268748-deepseek-faces-global-scrutiny-over-data-privacy-concerns
[9] https://www.bbc.com/news/articles/clyzym0vn8go
