Introduction
DeepSeek [1] [2] [3] [4] [5], an AI chatbot developed by the Chinese startup High-Flyer [2], has become a focal point of international scrutiny due to significant data privacy and security concerns. Various countries [1] [2] [4], including Australia [5], South Korea [2] [3] [5], Italy [2] [3], and the United States, have taken measures against the app, highlighting the broader implications of Chinese technology on global data privacy and national security.
Description
DeepSeek [1] [2] [3] [4] [5], an AI chatbot developed by the Chinese startup High-Flyer [2], has raised significant data privacy and security concerns across multiple countries [2], including Australia [5], South Korea [2] [3] [5], Italy [2] [3], and the United States. The Albanese government in Australia has banned the app from all government devices [5], citing an “unacceptable risk” to national security due to its unclear data handling practices. Similarly, South Korea has suspended new downloads of DeepSeek and is investigating its data processing practices [2], particularly following allegations that the app’s parent company may share user data with ByteDance, the owner of TikTok [5]. Italy’s Data Protection Authority has also restricted the app’s processing of user data [2], emphasizing a lack of transparency in its operations. In the US, a proposed ban on DeepSeek has been put forward, highlighting potential security risks to sensitive data and privacy [4].
Key privacy risks associated with DeepSeek include excessive data collection without transparent consent mechanisms [3], leading to user uncertainty about what data is collected and how it is processed [3]. Unlike OpenAI [5], which has clear guidelines on data storage and sharing [5], DeepSeek’s terms and conditions lack protections for third-party data [5], raising alarms about potential misuse [5]. The app’s unclear data handling practices raise concerns about compliance with data protection principles, such as data minimization and purpose limitation, which are emphasized in South Korea’s data protection law and the European Union’s General Data Protection Regulation (GDPR). If DeepSeek is found to violate these principles [2], it could face severe regulatory consequences [2].
National security risks are heightened by China’s National Intelligence Law, which allows the government access to corporate data [2], raising international civil liberties concerns [3]. Experts have noted that the Chinese government has utilized AI for mass surveillance [4], including biometric data collection and monitoring of social media [4], which could threaten individual privacy [4]. Reports indicate that DeepSeek has been integrated by Chinese companies providing services to the government [4], enhancing their surveillance and cyber censorship capabilities [4]. Additionally, a cybersecurity firm discovered code within DeepSeek that shares user information with China Mobile [4], a state-owned company linked to military espionage [4]. This raises further privacy concerns [4], especially as DeepSeek has been implicated in generating phishing attacks and disinformation campaigns targeting various countries [4], including the US [4]. These operations reportedly aim to gather insights on political sentiments and human rights discussions [4], potentially compromising the privacy of individuals involved in these discussions [4].
Data security vulnerabilities are another critical issue [3], as DeepSeek relies on centralized architectures that can be targeted by cyberattacks [3]. A lack of robust encryption and security protocols increases the risk of data breaches and identity theft [3]. Furthermore, users have limited control over their data [3], with significant potential for misuse once data enters the system [3]. To address these concerns [3], developers must enhance transparency [3], comply with privacy laws [3], and implement privacy-by-design principles [3], including secure data storage and user control over personal information [3]. The case of DeepSeek underscores the ongoing challenges of balancing innovation in AI with the need for robust data privacy regulations as countries navigate the implications of Chinese technology in their markets [2].
Conclusion
The DeepSeek controversy highlights the critical need for stringent data privacy and security measures in the face of rapidly advancing AI technologies. Countries must enforce robust regulations to protect sensitive data and ensure compliance with international standards. As AI continues to evolve, the global community must remain vigilant, balancing technological innovation with the protection of individual privacy and national security.
References
[1] https://content.techgig.com/technology/deepseek-ai-ban-a-global-response-to-privacy-and-security-concerns/articleshow/118734836.cms
[2] https://www.koreatimes.co.kr/www/opinion/2025/03/813_393089.html
[3] https://www.cybersecurityintelligence.com/blog/deepseek—a-deep-dive-reveals-more-than-one-red-flag-8286.html
[4] https://www.voanews.com/a/china-uses-deepseek-ai-for-surveillance-and-information-attacks-on-us/7996271.html
[5] https://www.theaustralian.com.au/breaking-news/big-issue-with-deepseek-exposed-after-china-envoy-warns-australia-against-ban/news-story/1f0292430f5ae190239f39a614c432cb
