Germany’s top data protection regulator has demanded the removal of DeepSeek, a Chinese artificial intelligence startup, from Apple and Google’s app stores over unlawful handling of personal data.
This is another step in Europe’s investigation of Chinese tech firms accused of flouting privacy rules.
The Berlin Data Protection Commissioner, Meike Kamp, invoked Article 16 of the EU’s Digital Services Act (DSA) in a formal notice to both tech giants, declaring DeepSeek’s app as illegal content under European law.
At the heart of the matter is the company’s transfer of user data to China, without any of the legal safeguards mandated by the EU’s General Data Protection Regulation (GDPR).
Kamp stated, “DeepSeek has not been able to provide my agency with convincing evidence that German users’ data is protected in China to a level equivalent to that in the European Union.”
That alone would be enough to raise red flags. But the issue runs deeper.
Germany’s investigation found that DeepSeek violated Article 46 of the GDPR, which governs international data transfers. China does not have an EU adequacy decision, a prerequisite for transferring personal data outside Europe without further protections.
Yet DeepSeek allegedly failed to implement even basic legal mechanisms, such as Standard Contractual Clauses (SCCs), that could have made such transfers lawful.
According to DeepSeek’s own privacy policy, the app stores an alarming range of personal data, including search queries, chat histories, uploaded documents, and location data, on servers based in China. Nowhere in the policy is GDPR mentioned. No safeguards are outlined. No clarity is given.
This isn’t the first time the company has faced European resistance. Italy’s data protection authority banned DeepSeek earlier this year after it failed to explain how it collects and processes user data. The Netherlands followed shortly after, warning the public not to submit sensitive information through the app.
In the United States, lawmakers are drafting legislation that would prohibit federal agencies from using AI models developed in China. A senior U.S. State Department official told Reuters that “DeepSeek is actively supporting China’s military and intelligence operations, including providing services to PLA research institutions.”
The same report revealed that the company allegedly used shell companies in Southeast Asia to bypass U.S. export controls and acquire Nvidia H100 chips, restricted hardware used for training advanced AI models.
These concerns have been amplified by DeepSeek’s rapid ascent. The company claimed in January that its AI models, such as DeepSeek-R1 and V3, rival those of OpenAI and Meta—at a fraction of the cost. It reportedly trained its large language model for just $5.6 million, a figure many experts find highly questionable.
Nevertheless, the apps have surged in popularity, topping download charts across multiple countries, and exposing users’ data to foreign jurisdictions.
Despite repeated requests from German authorities since May, DeepSeek refused to adjust its data practices or withdraw voluntarily from the app stores. With that deadline now past, the commissioner’s office has moved decisively.
Apple and Google are expected to act quickly, but neither company has responded to requests for comment.
