Germany Orders DeepSeek AI App Removed Over Data Privacy Fears

Germany’s top data protection authority has ordered Apple and Google to remove the Chinese artificial intelligence app DeepSeek from their app stores, citing serious concerns over illegal data transfers and inadequate privacy protections for German users. The move marks a significant escalation in Europe’s ongoing scrutiny of foreign AI technologies, particularly those originating from China, and highlights growing anxieties about the security of personal data in the age of advanced chatbots and generative AI.

The order, issued by Federal Data Protection Commissioner Meike Kamp, follows months of mounting pressure on DeepSeek to comply with Europe’s strict data protection standards. Kamp’s office had previously given DeepSeek a deadline to demonstrate that it could safeguard European user data according to the General Data Protection Regulation (GDPR), or else voluntarily withdraw from the German market. When DeepSeek failed to provide sufficient evidence of compliance, German authorities took decisive action.

“DeepSeek has not been able to provide my agency with convincing evidence that German users’ data is protected in China to a level equivalent to that in the European Union,” Kamp stated. She emphasized that Chinese law grants authorities broad access to data held by companies operating within its jurisdiction, creating a fundamental incompatibility with European privacy standards. “Chinese authorities have far-reaching access rights to personal data within the sphere of influence of Chinese companies,” she added.

According to DeepSeek’s own privacy policy, the company collects and stores a wide range of personal information—including user queries, uploaded files, and metadata—on servers located in China. This practice, Kamp argues, exposes German citizens to risks that are unacceptable under EU law, particularly given the lack of transparency about how this data might be accessed or used by Chinese government agencies.

Apple and Google, the two dominant app store operators in Germany, have been formally notified of the order and are now required to review the regulator’s findings. They must decide whether to comply by removing DeepSeek from their platforms or challenge the order through legal channels. As of Sunday, neither company had issued a public response, and DeepSeek itself has remained silent on the matter.

European Governments Intensify Scrutiny of Chinese AI Apps

Germany’s move is the latest in a wave of European actions targeting DeepSeek and similar Chinese-developed AI applications. Earlier this year, Italy banned DeepSeek from its app stores, citing a lack of clarity about how user data was being processed and stored. The Netherlands has prohibited the use of DeepSeek on government devices, with officials warning that the app poses a “spy-prone” risk due to its data handling practices.

France and Ireland have both launched investigations into DeepSeek, seeking to determine whether the app’s operations are compatible with their national privacy laws. Across the Atlantic, U.S. lawmakers are preparing legislation that would ban federal agencies from using AI models developed in China, reflecting a broader trend of skepticism toward Chinese technology in sensitive sectors.

DeepSeek’s rapid rise and subsequent backlash have been dramatic. The Hangzhou-based company, backed by Chinese hedge fund High-Flyer, burst onto the global stage in January with the release of its R1 language model. DeepSeek claimed its technology could match the capabilities of OpenAI’s ChatGPT at a fraction of the cost, sparking a surge in downloads and briefly making it the most popular app on Apple’s App Store. The launch also triggered a sell-off in U.S. tech stocks, as investors worried about the disruptive potential of a low-cost Chinese rival.

But DeepSeek’s success has been overshadowed by persistent concerns about privacy and security. Experts have warned that the company’s data collection practices are unusually broad, encompassing not only the content of user interactions but also metadata and behavioral information. All of this data is routed to servers in China, where local laws require companies to cooperate with intelligence and law enforcement agencies if requested.

The risk, according to privacy advocates, is that German and European user data could be accessed by Chinese authorities without adequate legal safeguards or oversight. “The fundamental issue is that once data leaves the EU and enters a jurisdiction like China, European citizens lose control over how it’s used and who can see it,” said Dr. Lena Fischer, a Berlin-based data protection lawyer. “That’s incompatible with the core principles of the GDPR.”

DeepSeek’s troubles have been compounded by a series of cyberattacks that exposed user data and internal API secrets. In one high-profile incident, hackers published a cache of user queries and authentication tokens, raising further questions about the company’s ability to protect sensitive information. While DeepSeek has promised to improve its security practices, critics argue that the underlying issue is structural: as long as data is stored in China, it remains vulnerable to both government access and malicious actors.

The controversy has also reignited debate within the European Union about how to balance technological innovation with the need for robust privacy protections. Some policymakers worry that overly strict regulations could stifle the adoption of cutting-edge AI tools, putting European businesses at a disadvantage. Others argue that the risks posed by foreign AI providers—especially those from countries with different legal and political systems—are simply too great to ignore.