The German government has informed the technology companies Google and Apple that the AI app DeepSeek does not meet the legal requirements regarding cross-border transfer of personal data. The companies must now respond to the announcement without delay and decide whether to block the application in Germany.

The company's headquarters are in Beijing, China, but DeepSeek is a software based on artificial intelligence. The company does not have a European operations office but offers the service through apps that are available in the Google Play Store and Apple App Store. DeepSeek's website states that the service processes a large amount of personal data, including all text transactions, chats, documents uploaded to the application, location data and information about which device is used. This information is then transferred from users to data processors in China and stored on a server there.

The processing of personal data in connection with services offered to individuals in the European Economic Area, regardless of the location of the operators headquarters, falls within the scope of the Regulation on Data Protection (EU) 2016/679. The Data Protection Regulation stipulates that even when transferring personal data across borders, the protection of personal data that applies in Europe remains intact. In practice, this is done by means of a decision on adequacy, i.e. confirmation by the European Commission that the protection is adequate or by means of additional safeguards. Since the European Commission has not recognised China as a country that provides adequate personal protection and DeepSeek has not demonstrated that appropriate safeguards are in place, the transfer of data is considered illegal.

See more here.