DeepSeek has recently gained global attention, including in Italy. On January 30, 2025, the Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) announced an immediate ban on accessing the DeepSeek within Italy. As a result, DeepSeek was removed from Italian Apple and Google digital stores. This decision has sparked widespread discussion and concern, particularly regarding the legal frameworks governing international AI applications and the responsibilities of companies operating across borders.
The Italian Data Protection Authority (Garante per la protezione dei dati personali, “Garante”) is Italy’s independent regulatory body responsible for ensuring the protection of personal data and privacy rights under both national and European Union law. Established under the Italian Data Protection Code and in compliance with the General Data Protection Regulation (GDPR), the Garante has broad authority to monitor, investigate, and enforce data protection rules.
The Garante’s enforcement mechanisms include conducting investigations, issuing fines, imposing bans, and mandating corrective measures when violations occur. The authority actively collaborates with other European data protection bodies, particularly through the European Data Protection Board (EDPB), to ensure the uniform application of data protection laws across the EU.
The blocking of DeepSeek aligns with the Garante’s pattern of rigorous enforcement, following previous actions against other major technology firms for non-compliance with GDPR provisions.
DeepSeek, developed by Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, is an AI chatbot that gained rapid popularity due to its advanced capabilities and cost-effectiveness compared to Western counterparts, such as ChatGPT by OpenAI. However, its swift rise triggered regulatory scrutiny, particularly concerning its handling of personal data.
The Garante’s enforcement approach is characterized by a combination of proactive monitoring, reactive investigations, and a strict sanctions regime. It prioritizes sectors and activities that pose the highest risks to individuals’ data protection rights, particularly healthcare, finance, and technology, where large amounts of sensitive data are processed daily.
The Italian Data Protection Authority initiated an inquiry into DeepSeek’s data collection practices, seeking clarity on several key aspects: (i) The specific categories of personal data collected; (ii) The sources from which this data is obtained; (iii) The purposes for which the data is used; (iv) The legal basis for processing the data; (v) The storage locations of the data, particularly whether it is stored on servers in China.
DeepSeek’s response was deemed inadequate by the Garante. The company asserted that it did not operate within Italy and, therefore, considered European regulations inapplicable to its activities. However, the Garante determined that DeepSeek’s web-based version was accessible to Italian users, thereby subjecting it to GDPR jurisdiction.
On January 28, 2025, the Garante officially requested that DeepSeek provide detailed information, including: (i) The types of personal data collected; (ii) The sources of this data; (iii) The legal basis for processing it; (iv) Whether the data is stored on servers in China; (v) The data used for AI training and how users (both registered and unregistered) are informed if their data is obtained through web scraping.
DeepSeek responded on January 29, 2025, stating that it had not entered the Italian market, had no plans to do so, and had removed its applications from Italian app stores. The company further argued that GDPR did not apply to its business.
However, the Garante’s investigation didn’t agree with DeepSeek’s response: (i) DeepSeek’s website remained accessible in Italy; (ii) Registration restrictions were reportedly due to a “large-scale malicious attack”, rather than an intentional limitation by the company; (iii) Previously registered Italian users could still access the service, meaning personal data of Italian users was still being processed. Thus, this triggered Article 3(2)(a) of GDPR, which extends GDPR applicability to any service provider that processes data of EU residents, regardless of the company’s location.
The Garante determined that DeepSeek’s failure to provide satisfactory answers to its initial inquiry violated Article 31 of GDPR, which requires companies to cooperate with regulatory authorities.
Additionally, the investigation uncovered multiple serious violations, including:
As a result, under Article 58(2)(f) of GDPR, which authorizes regulatory authorities to impose restrictions on data processing, the Garante ordered DeepSeek to immediately cease processing Italian users’ data.
The Garante’s order takes effect immediately, with further measures pending the results of its ongoing investigation. Under the regulatory framework in Italy, violations may face severe legal consequences, including:
While these penalties remain potential outcomes, the Garante’s firm stance signals a strict enforcement approach, and the relevant company may appeal the decision.
As AI technologies continue to evolve, regulatory frameworks must keep pace, balancing innovation with individual rights protection.
The blocking of DeepSeek in Italy underscores the rigorous application of GDPR and the EU’s strict data protection laws. While the immediate impact is a ban on a popular AI application, the long-term consequences extend to the global AI regulatory landscape.
Moreover, this case highlights the need for international cooperation in AI governance. Different countries have varying approaches to data protection, leading to potential conflicts. Organizations such as the United Nations and the Organization for Economic Cooperation and Development (OECD) are working to establish common standards, ensuring that AI technologies are developed in a way that respects privacy rights while fostering global collaboration.
Preface As the leader of China’s economic development and the forefront of reform and opening up, Shanghai has always attached great importance to attracting foreign investment. Recently, the Shanghai Government deliberated and adopted a series of policy measures to promote the sustained economic recovery, and at the same time actively responded to the Action Plan
In recent years, the winter sports industry has seen unprecedented global growth, particularly with the successful hosting of the Beijing 2022 Winter Olympics and the upcoming Milan-Cortina 2026 Winter Olympics. These events have not only brought significant attention to winter sports but have also spurred a surge in international investment and collaboration. Legal sectors such
Introduction With the continuous improvement of labor laws and regulations, open-ended labor contracts, as a form of contract that provides stronger protection for the rights and interests of employees, have attracted increasing attention. In particular, whether employees have the right to demand the signing of open-ended labor contracts after two consecutive fixed-term labor contracts has
