DeepSeek – Is your Data Safe? Everything You Need to Know
In my previous article we examined how ChatGPT, Perplexity and Claude use your data (AI data use). We also mentioned the potential risks of sharing confidential or proprietary information – and how to avoid these risks. It is clear that not all tools offer the same safeguards regarding data privacy, security, and legal protections. We will therefore continue comparing AI models. This week we focus on the AI model DeepSeek. See our article ‘DeepSeek – Is your Data Safe? Everything You Need to Know’ below.
DeepSeek was unknown to most people outside of the People’s Republic of China (“PRC”) until this week. In the course of one week, however, it has gained immensely in popularity. It is yet another AI-driven platform, but there are important differences from the other well-known AI models. DeepSeek is currently challenging AI models like ChatGPT and Gemini with capabilities that were unexpected until yesterday. In this article, we will explore DeepSeek’s Privacy Policy & Terms of Use. We will also address issues such as personal data storage, AI model training and jurisdiction. If you’re wondering whether you can safely use DeepSeek for personal or professional tasks, read on to discover the key facts, risks and best practices.
This article has been written at the start of the broad use of DeepSeek. It is therefore a work in progress, based on the first information gathered.
What We’ll Cover
- DeepSeek Overview: Short explanation of the platform and why people are interested in it.
- Privacy Policy Highlights: Including details on storing personal data, especially full names and addresses.
- Location of Data: How and why user data may end up on servers in the People’s Republic of China.
- Terms of Use: Whether DeepSeek incorporates your content into training its AI models—and what that means for you.
- Data Privacy in China: The local regulatory environment and how it differs from GDPR or CCPA.
- Confidentiality: Potential risks if you’re handling sensitive or proprietary information.
- Final Advice: How to proceed if you’re considering using DeepSeek, plus some general cautionary steps.
1. DeepSeek Explained
New AI Model
DeepSeek is a cutting-edge large language model (LLM) similar to ChatGPT and Gemini. It is developed by a Chinese AI company with the full name ‘Hangzhou DeepSeek Artificial Intelligence Co., Ltd., and Beijing DeepSeek Artificial Intelligence Co., Ltd.’. According to the latest tests, it is designed to tackle a range of complex tasks with impressive efficiency. According to Google Gemini, its powerful AI shines in several key areas:
- Math Whiz: DeepSeek excels at mathematical reasoning and problem-solving, often outperforming other models.
- Logic Master: DeepSeek handles complex, multi-step logical reasoning with ease.
- Code Conjurer: DeepSeek understands and generates code in various programming languages, making it a valuable tool for developers.
- Conversation Starter: DeepSeek is a natural language expert, capable of engaging in coherent and contextually relevant conversations.
- Global Communicator: DeepSeek is trained on diverse linguistic data, offering some level of multilingual support.
Consequences for the Stock Market
On 26 January 2025 there was even a big shake-up in the stock market due to DeepSeek. US stocks plummeted as traders fled the tech sector and erased more than $1 trillion in market cap amid panic over the introduction of DeepSeek. The S&P 500 was nearly 1.5% lower, while the tech-heavy Nasdaq Composite had shed more than 3% by the end of the day. DeepSeek roiled stock futures after the AI model was said to outperform OpenAI’s ChatGPT in several tests. The losses gathered momentum after DeepSeek became the most downloaded app on Apple’s App Store in the US on 26 January.
Source: Business Insider.
A Growing Global Market
As AI popularity expands worldwide, companies outside the U.S. and Europe (especially China) are developing their own solutions. DeepSeek is notable because it may offer high-speed performance and robust Chinese language capabilities. This makes it attractive to users with specialized language needs. However, these benefits come with a different legal framework, which can pose challenges for those used to Western data protection standards.
It has also been reported that DeepSeek is able to offer similar services and results as ChatGPT, Gemini, etc. for a fraction of the cost. This has greatly fueled the popularity of the new AI model.
2. DeepSeek’s Privacy Policy: Personal Data Collection
According to a review of DeepSeek’s publicly accessible Privacy Policy, the platform collects, amongst other things, a wide range of personal information. Quote: “When you create an account, input content, contact us directly, or otherwise use the Services, you may provide some or all of the following information:
- Information When You Contact Us. When you contact us, we collect the information you send us, such as proof of identity or age, feedback or inquiries about your use of the Service or information about possible violations of our Terms of Service (our “Terms”) or other policies.
- Profile information. We collect information that you provide when you set up an account, such as your date of birth (where applicable), username, email address and/or telephone number, and password.
- User Input. When you use our Services, we may collect your text or audio input, prompt, uploaded files, feedback, chat history, or other content that you provide to our model and Services.”
Additionally, DeepSeek stores (i) Automatically Collected Information such as technical information, usage information, cookies and payment information, and (ii) information from other sources such as login, signup or linked information.
Where Is Information Stored
DeepSeek explicitly states:
“The personal information we collect from you may be stored on a server located outside of the country where you live. We store the information we collect in secure servers located in the People’s Republic of China.
Where we transfer any personal information out of the country where you live, including for one or more of the purposes as set out in this Policy, we will do so in accordance with the requirements of applicable data protection laws.”
For many users – especially those in countries with stringent privacy regulations – this is significant. Your legal recourse to access, delete or restrict your data might be limited once it’s hosted on servers in the PRC.
How Is This Data Stored and Processed?
While the Privacy Policy mentions “secure servers,” it is not clear how they deal with specific practices such as:
- Encryption: Are your data and prompts encrypted at rest or in transit?
- Third-Party Sharing: How widely is your data shared for analytics or collaboration?
- Data Deletion: What happens if you decide to close your account or remove certain information?
- Data Security: How are the servers protected against, for example, cyberattacks?
If you’re accustomed to GDPR (EU Data Privacy Regulation) or CCPA (California Data Privacy Regulation), you may be disappointed by the lack of clearly defined user rights (like the right to be forgotten or the right to data portability). It remains to be seen how DeepSeek covers these matters, especially from a regulatory point of view – data privacy, data security and now also AI (see the EU AI Act).
The DeepSeek Privacy Policy contains many more interesting aspects, but touching on all of them would be too much for the purposes of this article.
3. DeepSeek’s Terms of Use: Model Training & Governing Law
DeepSeek’s Terms of Use do mention that the AI model will only use your Inputs in specific cases. It is however not exactly clear how broadly this should be read. See part below in blue. The terms also offer customers a way to inform DeepSeek that they refuse to allow DeepSeek to use their Input data.
Potential Risks for Confidential Information
As always, be mindful when adding client documents, proprietary research, or any private data. As far as we are aware at this moment:
- No Guarantee of Confidentiality: There is no explicit promise to keep sensitive data confidential.
- Future AI Outputs: The model might inadvertently reveal or be influenced by your confidential info.
- Irreversible Submission: As DeepSeek’s Terms of Use do not mention how long DeepSeek will store your data, this will allow indefinite use of your data.
- Unclear Use of Input: It is not exactly clear how and in which cases your Inputs will be used to create Outputs or to train the model. It is likely, and we should assume, that DeepSeek uses your Input to train their AI model.
Governing Law and Jurisdiction
Next, let’s review the terms regarding governing law and jurisdiction, meaning the laws that govern the use of DeepSeek and where you will need to go to court in case of litigation with DeepSeek. DeepSeek clarifies this as follows in the Terms of Use:
9. Governing Law and Jurisdiction
9.1 The establishment, execution, interpretation, and resolution of disputes under these Terms shall be governed by the laws of the People’s Republic of China in the mainland.
9.2 If negotiation fails in resolving disputes, either Party may file a lawsuit with a court having jurisdiction over the location of Hangzhou DeepSeek Artificial Intelligence Co., Ltd.
This means:
- The laws of the People’s Republic of China govern all legal disputes.
- Chinese courts in Hangzhou, PRC, will handle any lawsuits.
- Even though the terms state that DeepSeek will comply with applicable laws, further research is needed into whether they will comply with GDPR, CCPA or other foreign regulations.
4. Data Privacy in China
Since 2018, the EU and US have launched large legislative initiatives relating to the protection of data privacy and data security. In the coming years there will be even more regulations in this area. See our article ‘Six New EU Regulations – like the AI Act – Explained’.
Regulatory Differences
While China has its Personal Information Protection Law (PIPL), it doesn’t mirror the scope or depth of frameworks like GDPR or CCPA or the other regulations mentioned above – as far as we are aware; we are, however, not lawyers or legal advisors versed in PRC laws.
Implications for International Users
If you reside outside China:
- Limited Recourse: You might find it harder to challenge data privacy & security issues in a Chinese court.
- Compliance Gaps: The data privacy and data security protections you are used to under EU or U.S. law may not apply here.
- Cross-Border Transfers: Even if the Privacy Policy mentions meeting local regulations, these could be PRC regulations that differ significantly from your home country’s standards.
5. Which Data Not to Share in AI Models
As we stated in our article with respect to ChatGPT, Gemini and Perplexity, apply common sense and caution when adding data to any online AI model. This could be different for local models – depending on the security measures taken by the AI model.
Avoid sharing, for example:
- Confidential details (client, business or family member names, private letters, contracts & strategies).
- Personally identifiable information (PII) (addresses, phone numbers, medical records).
- Proprietary or business-critical data (unreleased products, prices, financials).
- Sensitive materials (health info, internal memos, or business & personal).
- Data protected by Applicable Law (copyright, illegal data, government data).
If you must work with potentially sensitive text, we recommend considering the following:
- anonymizing the data first,
- using an enterprise-level AI solution where the Terms of Use prohibit using your content for model training. This does not seem to be possible for DeepSeek, or
- an ‘on-premise’ AI model that anonymizes data.
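As an illustration of the first option, anonymizing the data first, here is an added example (not part of the original article and not DeepSeek code) of reversible pseudonymization done locally before a prompt is pasted into any online AI model. The class name, the two regular expressions and the caller-supplied list of confidential terms are assumptions of this sketch; it only catches e-mail addresses, phone-like numbers and the terms you list.

```python
import re

# Assumed patterns for this sketch; real PII detection needs far broader coverage.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


class Pseudonymizer:
    """Swap sensitive values for placeholders; the mapping stays on your machine."""

    def __init__(self, confidential_terms=()):
        # Longest first, so a full company name wins over a shorter overlapping term.
        self.terms = sorted(confidential_terms, key=len, reverse=True)
        self.forward = {}  # (kind, normalized value) -> placeholder
        self.reverse = {}  # placeholder -> original value

    def _token(self, kind, value):
        # The same value always maps to the same placeholder, so the model can
        # still tell that two mentions refer to the same party.
        key = (kind, value.casefold())
        if key not in self.forward:
            n = sum(1 for k in self.forward if k[0] == kind) + 1
            self.forward[key] = f"[{kind}_{n}]"
            self.reverse[self.forward[key]] = value
        return self.forward[key]

    def scrub(self, text):
        # E-mails and phone numbers first: a name inside an address must not split it.
        text = EMAIL_RE.sub(lambda m: self._token("EMAIL", m.group()), text)
        text = PHONE_RE.sub(lambda m: self._token("PHONE", m.group()), text)
        for term in self.terms:
            pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
            text = re.sub(pattern, lambda m: self._token("NAME", m.group()),
                          text, flags=re.IGNORECASE)
        return text

    def restore(self, text):
        # Run locally on the model's answer to put the real values back.
        for token, value in self.reverse.items():
            text = text.replace(token, value)
        return text


# Constructed sample prompt; every name, address and number is made up.
SAMPLE = ("Draft a reminder to Jan de Vries (jan.devries@acme-holdings.example, "
          "+31 20 555 0199) that Acme Holdings B.V. owes EUR 48,000. "
          "Copy jan.devries@acme-holdings.example.")

if __name__ == "__main__":
    p = Pseudonymizer(["Jan de Vries", "Acme Holdings B.V."])
    print(p.scrub(SAMPLE))
```

Only the output of `scrub()` is shared with the AI tool; context such as the amount owed still leaves your machine, so review the scrubbed text before submitting it.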
6. Bringing It All Together
DeepSeek represents an interesting expansion of the AI landscape, especially for those who require strong Chinese language capabilities or want to explore AI solutions outside typical Western providers. However, its legal environment, data storage location, and governing jurisdiction all point to a platform that may not uphold the same privacy or confidentiality standards you’d expect under GDPR or CCPA.
This doesn’t mean DeepSeek is without merit. You should approach it with open eyes and informed caution. If you have critical confidentiality needs or work in a heavily regulated sector, it is wise to look elsewhere or secure a specialized enterprise agreement that explicitly addresses data protection concerns. For casual or non-sensitive uses, DeepSeek could be a helpful AI resource. As always, be mindful of what you submit and how it could be stored and potentially accessed under Chinese law.
7. Final Thoughts
AI is transforming the way we work – but it’s also transforming how data can move beyond our control. It is advised to think twice before you add content to any AI (LLM) Tool and actively keep track of how your content is used by any AI tool.
As always, we need to stay informed, be cautious and be proactive. That way, you can use the power of AI without compromising your most sensitive information. Keep an eye out for our upcoming in-depth articles on other AI models. We will also cover AI policies that can guide you and your team toward ethical and secure usage of these exciting new technologies.
Disclaimer: This article is a research project, provides general information about AI data usage and does not constitute legal advice.
If you have any further questions about the above, contact me via lowa@amstlegal.com.