The Dutch Data Protection Authority (AP) has launched an investigation into Chinese AI company DeepSeek, raising concerns over its data collection and storage practices. The regulator, as per a report in Reuters, has also advised users in the Netherlands to be cautious when using DeepSeek’s software due to questions surrounding its privacy policies.
“The AP is [issuing this] warning because of the serious concerns that there are over DeepSeek’s privacy policies … and the way in which it appears to use personal information,” said the regulator’s chairman, Aleid Wolfsen. The agency has reiterated that personal data belonging to European citizens must meet strict conditions if stored outside the European Union (EU), a requirement DeepSeek is expected to comply with.
The Dutch move follows Italy’s recent decision to restrict access to DeepSeek’s application, citing similar privacy issues. Regulators in France and Ireland have also requested further information regarding DeepSeek’s data processing practices. The AP has confirmed it is working with other European regulators to coordinate enforcement actions and information-sharing efforts.
DeepSeek, which has entered the AI market as a competitor to Western AI firms, is now facing regulatory scrutiny beyond privacy concerns. Research conducted by AI security firm Enkrypt AI has identified vulnerabilities within DeepSeek’s AI model, DeepSeek-R1, highlighting risks in its security and ethical frameworks. The study found that the model was capable of generating content associated with hate speech, self-harm, and explicit material. Additionally, it was found to be susceptible to manipulation, which could allow it to generate insecure code or facilitate cybersecurity threats, as well as content linked to chemical or biological weapons.
Compared to other AI models, Enkrypt AI’s analysis determined that DeepSeek-R1 exhibited three times the bias of Anthropic’s Claude-3 Opus, was four times more likely to generate insecure code than OpenAI’s O1 and was four times more prone to producing toxic content than OpenAI’s GPT-4o. The research also showed that DeepSeek-R1 was eleven times more likely to generate harmful output than OpenAI’s O1 and 3.5 times more likely to produce content related to Chemical, Biological, Radiological, and Nuclear (CBRN) threats than OpenAI’s O1 and Claude-3 Opus.
“DeepSeek-R1 offers significant cost advantages in AI deployment, but these come with serious risks,” said Enkrypt AI CEO Sahil Agarwal. “Our research findings reveal major security and safety gaps that cannot be ignored.
“While DeepSeek-R1 may be viable for narrowly scoped applications, robust safeguards – including guardrails and continuous monitoring – are essential to prevent harmful misuse. AI safety must evolve alongside innovation, not as an afterthought.”
DeepSeek’s expansion into the AI sector has drawn attention from government agencies across multiple countries. Italy was the first to act, with its data protection authority issuing a restraining order against Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, the two companies behind the AI model. The Italian regulator cited concerns over a lack of transparency regarding the collection, processing, and storage of user data, leading to a temporary block on the platform.
US authorities tighten restrictions on DeepSeek
Beyond Italy, Taiwan’s digital ministry has advised government officials to avoid using DeepSeek’s technology due to concerns about potential data leaks. South Korea’s Personal Information Protection Commission has announced plans to seek further information from the company regarding its data management practices. In Europe, France’s National Commission for Information Technology and Civil Liberties (CNIL) is also preparing an inquiry into DeepSeek’s data protection compliance, while Belgium is assessing potential violations of the EU’s General Data Protection Regulation (GDPR). Ireland has also requested details on how DeepSeek handles personal data.
In the US, similar actions have been taken against DeepSeek. Texas Governor Greg Abbott has banned the use of DeepSeek on government-issued devices, citing concerns over data security and potential foreign influence. The US Navy has also prohibited its members from using DeepSeek, expressing apprehension about security and ethical issues. Additionally, the US Commerce Department is investigating whether DeepSeek has been using US chips in violation of export restrictions, raising further concerns about the company’s practices.
Read more: DeepSeek being investigated for allegedly using restricted US-made AI chips
