Skip to content

Editor’s Note: Italy’s data protection authority, the Garante, has taken a decisive step in AI regulation by banning Chinese AI firm DeepSeek over unresolved data privacy concerns. This action, effective January 31, 2025, reflects growing European vigilance in enforcing stringent data protection standards. The ban follows DeepSeek’s failure to provide satisfactory explanations about its data collection, processing, and potential storage in China. As AI continues to reshape global industries, this move highlights the regulatory challenges that organizations must navigate to ensure compliance and safeguard user data.

Industry News – Data Privacy and Protection Beat

Italy Takes Decisive Action: DeepSeek Blocked Amid Privacy Concerns

ComplexDiscovery Staff

In a significant development, Italy’s data protection authority, the Garante, has escalated its scrutiny of Chinese AI firm DeepSeek, moving beyond initial inquiries to impose an immediate ban on the service. As of January 31, 2025, DeepSeek has been effectively blocked across Italy, marking a decisive intervention in the ongoing debate over AI, data privacy, and regulatory oversight. This move underscores Europe’s growing determination to enforce stringent data protection standards in the face of rapidly advancing AI technologies.

Italy’s data protection authority, known as the Garante, had previously directed Chinese AI firm DeepSeek to clarify its practices concerning the handling of personal data. The move exemplified rising concerns over privacy rights and data management in an era where artificial intelligence is increasingly integral to business operations. Situated in Rome’s central Piazza Venezia, the Garante, with a history dating back to 1997, has played a pivotal role in aligning Italy’s data protection laws with European Union standards. This agency acts assertively, often issuing fines or imposing restrictions on global technology firms under its jurisdiction. “The agency has become increasingly active in safeguarding personal data and privacy rights in Italy,” as reported.

Italy’s proactive approach is exemplified by several high-profile interventions over recent years. In 2020, the Garante fined Telecom Italia 27.8 million euros for violations in data processing linked to telemarketing activities, emphasizing the necessity for explicit consent from individuals for marketing purposes. Furthermore, concerns over TikTok’s policies led the agency to mandate enhancements in protecting minors under 13 in 2021. In a landmark decision in 2023, the Garante necessitated OpenAI to withdraw its ChatGPT service temporarily from Italy, citing investigations into potential privacy breaches. These actions demonstrate Italy’s commitment to maintaining stringent data protection standards in the digital age.

DeepSeek, the Chinese AI entity now under scrutiny, has been making headlines for its AI models that reportedly perform efficiently with less advanced computer chips compared to counterparts like OpenAI. However, a review by Wired indicated that DeepSeek transmits large amounts of data to China, specifically to tech giants like Baidu, ostensibly for web analytics purposes. John Scott-Railton, a senior researcher from Citizen Lab, commented on this practice, “It shouldn’t take a panic over Chinese AI to remind people that most companies in the business set the terms for how they use your private data.” Such revelations underscore the persistent tension between technological innovation and privacy considerations.

Furthermore, privacy concerns about DeepSeek extend beyond Italy. In Ireland, the Data Protection Commission (DPC) has reached out to DeepSeek to procure information regarding data processing concerning Irish users. Ireland’s DPC, responsible for major U.S. technology companies due to their operational bases in Ireland, is evidently treating this inquiry with similar gravitas. Statements from the DPC confirm their request for DeepSeek to elucidate its data processing activities in relation to Irish data subjects, reflecting a collective European vigilance on data privacy matters.

DeepSeek’s privacy policy, accessible in multiple languages, states, “We may collect your text or audio input, prompt, uploaded files, feedback, chat history, or other content that you provide to our model and Services.” However, privacy advocates raise alarms over the potential misuse and storage of such datasets, particularly within Chinese jurisdiction. Lukasz Olejnik from King’s College London’s Institute for AI has cautioned against the input of personal or private information into AI systems. This advice amplifies the prevailing sentiment among privacy experts on maintaining prudent data exchanges with AI platforms.

Despite meticulous privacy policies, generative AI models like DeepSeek’s are often criticized for the opaque nature of their operations, an issue analysts like Bart Willemsen of Gartner highlight. Willemsen notes that while DeepSeek offers complimentary access, users are essentially parting with their data, “paying with data, knowledge, content, information.” This trade-off between free services and privacy has led to a burgeoning discourse on responsible AI governance.

The broader implications for corporates and legal entities are profound. As AI continues to permeate various sectors, bridging gaps in efficiency and innovation, it prompts a regulatory landscape that is both adaptive and protective. Legal departments and corporations must remain vigilant and discerning when entering arrangements with AI service providers, ensuring compliance with international privacy norms and safeguarding proprietary data. These evolving challenges will test the mettle of regulatory frameworks tasked with upholding privacy while fostering technological growth.

News Sources


Assisted by GAI and LLM Technologies

Additional Reading

Source: ComplexDiscovery OÜ

The post Italy Takes Decisive Action: DeepSeek Blocked Amid Privacy Concerns appeared first on ComplexDiscovery.

Photo of Alan N. Sutin Alan N. Sutin

Alan N. Sutin is Chair of the firm’s Technology, Media & Telecommunications Practice and Senior Chair of the Global Intellectual Property & Technology Practice. An experienced business lawyer with a principal focus on commercial transactions with intellectual property and technology issues and privacy

Alan N. Sutin is Chair of the firm’s Technology, Media & Telecommunications Practice and Senior Chair of the Global Intellectual Property & Technology Practice. An experienced business lawyer with a principal focus on commercial transactions with intellectual property and technology issues and privacy and cybersecurity matters, he advises clients in connection with transactions involving the development, acquisition, disposition and commercial exploitation of intellectual property with an emphasis on technology-related products and services, and counsels companies on a wide range of issues relating to privacy and cybersecurity. Alan holds the CIPP/US certification from the International Association of Privacy Professionals.

Alan also represents a wide variety of companies in connection with IT and business process outsourcing arrangements, strategic alliance agreements, commercial joint ventures and licensing matters. He has particular experience in Internet and electronic commerce issues and has been involved in many of the major policy issues surrounding the commercial development of the Internet. Alan has advised foreign governments and multinational corporations in connection with these issues and is a frequent speaker at major industry conferences and events around the world.