Italy’s data protection authority, the Garante, has ordered Chinese AI startup DeepSeek to block its chatbot in the country after the company failed to address concerns over its privacy practices. The regulator had questioned DeepSeek about its handling of personal data, including details on what data is collected, its sources, the purposes for which it is used, its legal basis, and whether it is stored in China.
The Garante’s decision came after the company provided what was deemed “totally insufficient” information, prompting the watchdog to take immediate action to protect Italian users’ privacy. DeepSeek has yet to comment on the ruling.
The Chinese startup, which recently claimed that its AI models rival or outperform industry-leading U.S. models at a fraction of the cost, has made headlines for surpassing ChatGPT as the top-rated free app on Apple’s App Store in the U.S. However, its swift rise has drawn increasing scrutiny over data protection.
The Garante’s order, which took effect immediately, also includes an investigation into DeepSeek’s data handling practices. Meanwhile, other European regulators, including those in France and Ireland, are investigating the chatbot’s privacy policy.
In response to Italy’s concerns, DeepSeek stated that it had removed its AI assistant from Italian app stores after facing scrutiny. However, Agostino Ghiglia, a member of the Garante board, revealed that the company’s stance—which claimed it was not subject to Italian regulation—further aggravated the situation, prompting the block. Ghiglia emphasized that DeepSeek’s lack of cooperation had made the situation worse.
As of Friday, some Italian users who had previously downloaded the app reported that the chatbot was still functional on their devices, and the web version of the service remained operational. The Garante emphasized that citizens must have the right to consent based on how their data is handled, especially when servers in countries outside the EU, such as China, may not provide the same privacy guarantees as European standards.
The Garante has been at the forefront of data protection in Europe, with a history of taking action against companies, including a brief ban on Microsoft-backed ChatGPT two years ago over potential privacy rule violations.
