Tag: GDPR

  • German Authorities Urge Google and Apple to Remove Deepseek App

    German Authorities Urge Google and Apple to Remove Deepseek App

    Key Takeaways

    1. Deepseek has been prohibited in Italy, and German officials are taking action to remove it from Google and Apple’s platforms.
    2. Allegations include violations of EU data protection laws, particularly regarding user data transfer to China without adequate safeguards.
    3. The app collects sensitive user information, raising concerns about potential access by Chinese authorities.
    4. The Berlin data protection authority may impose fines of up to 4% of Deepseek’s global revenue, but enforcement against a foreign entity is challenging.
    5. The request to block Deepseek follows a previous warning to halt data transfers, and while it may be removed from app stores, it will still be accessible via web browsers.


    Deepseek has been prohibited in Italy, and now German data protection officials are taking action against the widely-used AI application from China. According to Der Spiegel, the Berlin Commissioner for Data Protection and Freedom of Information has filed a complaint with both Google and Apple, formally asking them to remove the Deepseek app from their platforms, making it unavailable to users in Germany.

    Allegations of Data Violations

    The basis for this request is purported violations of data protection laws, particularly concerning the transfer of user data from Europe to China. The company has not presented adequate proof that user data is safeguarded in China in a similar way as it is in Europe. According to the EU’s GDPR (General Data Protection Regulation), protecting user data is a fundamental requirement for its transfer to nations outside the EU. However, this does not ensure that other Chinese firms or the Chinese government cannot access data from European users.

    Concerns Over User Data

    This situation is particularly alarming because the chatbot app gathers a wide variety of potentially sensitive information about its users, such as text inputs, chat histories, uploaded files, location details, and device data. Chinese authorities may potentially gain access to all this information, which is already in the possession of the state for all domestic businesses.

    Possible Penalties and Future Actions

    The Berlin data protection authority has the option to impose a fine that could reach up to 4% of the company’s worldwide revenue. Nonetheless, as officials have indicated, enforcing this against a foreign entity would be a challenging task. It is worth noting that this action did not come without prior warning; in May, Berlin’s data protection officials had already set a deadline for the company to halt data transfers to China. Since the Deepseek developers failed to meet this deadline, the request for blocking has been made under the Digital Services Act. Apple and Google are now required to make a decision regarding the blocking very soon. However, the model will still remain accessible through web browsers in the future.

    Source:
    Link

  • DeepSeek App Pulled from Italian Stores Due to Privacy Issues

    DeepSeek App Pulled from Italian Stores Due to Privacy Issues

    DeepSeek, a startup from China focusing on artificial intelligence, has recently faced significant regulatory challenges in Italy. Its app has unexpectedly disappeared from both Apple’s App Store and Google Play. This action comes after Italy’s data protection authority, Garante, initiated a formal investigation into how DeepSeek manages and gathers user data. Concerns surrounding data privacy and safety have put the AI firm under a microscope, mirroring similar worries expressed in the United States and Australia.

    Italian Authority Demands Clarity on Data Usage

    Italy’s privacy regulator has granted DeepSeek and its associated companies a 20-day period to reveal essential information related to their data handling practices. Authorities are requesting specifics about the types of personal data collected, how it is sourced, its intended use, and whether the information is stored on servers located in China. Additionally, they have inquired about how DeepSeek communicates data processing practices to both registered and unregistered users, especially when information is sourced via web scraping techniques.

    Privacy Issues Amid Rapid Success

    Concerns regarding privacy have escalated following DeepSeek’s rapid ascent. The launch of its AI assistant, which rivals OpenAI’s ChatGPT, saw the app quickly rise to the top of download lists across various nations, causing unease among competitors in the US tech sector. Concurrently, US officials are evaluating possible national security threats linked to the widespread use of a Chinese AI model, with the US Navy specifically cautioning its personnel against using DeepSeek.

    Data Transparency Under Fire

    Transparency in how data is managed remains a critical point of contention. According to the company’s privacy policy, user data is kept on secure servers in China and might be shared with affiliated organizations and service providers. Despite this, Euroconsumers—a group of European consumer advocates—has raised concerns regarding the sufficiency of these notifications and questioned DeepSeek’s compliance with the European Union’s General Data Protection Regulation (GDPR).

    Italy’s examination of DeepSeek is not a new development. Earlier in 2023, the country temporarily prohibited ChatGPT due to worries about user data protection. In response to these issues, OpenAI made several adjustments to its platform, including enhanced transparency about data processing, providing users with opt-out choices, and instituting age verification measures aimed at protecting children under 13. These modifications ultimately led to the reinstatement of the chatbot.

    Future Implications for DeepSeek

    As DeepSeek continues to expand its presence worldwide, the regulatory hurdles it faces are intensifying. The company is required to provide answers to the Italian regulator by February 17, a deadline that could significantly impact its future operations in the European market. Should authorities determine that privacy laws have been violated, DeepSeek may encounter severe penalties or operational restrictions, potentially setting a precedent for the examination of AI products created outside Western jurisdictions.

  • OpenAI Fined €15 Million by Italy’s Data Protection Authority

    OpenAI Fined €15 Million by Italy’s Data Protection Authority

    The Italian Data Protection Authority has revealed that it has imposed a €15 million fine on OpenAI for multiple breaches of the EU’s GDPR regulations. The agency claims that the creator of ChatGPT collected personal data without a lawful reason and also failed to report a security breach that occurred in March 2023.

    Concerns About Child Safety

    Additionally, the agency pointed out that OpenAI lacked proper “mechanisms for age verification,” which could lead to children under 13 being exposed to responses that are not suitable for their level of maturity and understanding. This raises serious concerns about the safety of young users interacting with the platform.

    Required Actions by OpenAI

    The authority has mandated that OpenAI establishes a “six-month institutional communication campaign across radio, television, newspapers, and the Internet.” This campaign aims to enhance public knowledge and awareness regarding how ChatGPT operates, as well as how it collects and manages user data.

    In a response shared with Euro News, OpenAI described the ruling as “disproportionate” and expressed its intention to challenge the decision. The spokesperson mentioned that the penalty was “almost 20 times” the revenue generated by the company in Italy for the year.

    Source: Link

  • Terms Update Allows X to Sell User Data to Third Parties

    Terms Update Allows X to Sell User Data to Third Parties

    The social media site X, which used to be called Twitter, has updated its general terms and conditions (T&Cs). Now, these terms permit the sharing of customer data with third parties. This allows X to sell user data to various companies, which can then utilize it for their own needs, like training their artificial intelligence systems.

    Changes Coming Soon

    These alterations to the T&Cs will take effect on November 15, 2024, and will automatically apply to all users. The new privacy policy mentions:

    “If you do not opt out, recipients of the information may in some cases use it for their own independent purposes, including, for example, to train their artificial intelligence models, in addition to the purposes specified in X’s Privacy Policy.”

    Criticism and Concerns

    X has faced backlash for its management of user data for a while now. In 2023, the firm, owned by Elon Musk of Tesla and SpaceX fame, was criticized by the EU Commission for breaching the General Data Protection Regulation (GDPR) and the Digital Services Act (DSA). This incident involved unlawful micro-targeting in political ads. The recent modifications to the terms and conditions are expected to intensify discussions about user data protection.

    Users can choose to object to their data being shared. However, this requires them to take action, which means they must be aware that their data is being shared in the first place. Even though there are still a few days until October 15, X has yet to disclose where users can find the opt-out option.

    New Measures Against Data Collectors

    Alongside the updates to the data protection policy, X is also putting stricter rules in place against external data harvesters. The new T&Cs will impose hefty fines for those using automated tools to gather large amounts of data from the platform. If an account is found to be viewing 1 million posts in a 24-hour period, it will incur a fine of $15,000, with the same penalty applying for each additional million posts viewed.