The Berlin Commissioner for Data Protection has reported the AI app Deepseek to Apple and Google as illegal content due to the transfer of personal data to China without adequate safeguards.
The Berlin Commissioner for Data Protection and Freedom of Information flagged Deepseek as unlawful content under Article 16 of the Digital Services Act (DSA). Apple and Google must now review the report and decide whether to block the app in Germany.
Deepseek is operated by Hangzhou Deepseek Artificial Intelligence Co., Ltd., based in Beijing, with no branch in the European Union. The app is available in German and targets users in Germany, making it subject to the EU's General Data Protection Regulation (GDPR).
According to the company, Deepseek processes a wide range of personal data, including text inputs, chat histories, uploaded files, location data, and information about users' devices and networks. This data is transmitted to processors in China and stored on servers there.
Data Protection Authority: Deepseek violates GDPR
Berlin's data protection authority says Deepseek is in breach of Article 46(1) of the GDPR. The regulation allows the transfer of personal data to third countries only if they guarantee a level of protection comparable to that in the EU. China does not have an EU adequacy decision, and the company was unable to provide appropriate safeguards as required by the GDPR.
Deepseek failed to convincingly demonstrate that users' data would be protected to the same extent as in the EU. In China, authorities have broad access rights to personal data, and users lack enforceable rights or effective legal remedies that are guaranteed within the EU.
On May 6, 2025, Berlin's data protection authority had already asked the company to voluntarily remove the app from German app stores, stop sending data to China, or fulfill the legal requirements for international data transfers. Since Deepseek did not comply, the app was formally reported to Apple and Google.
The action was coordinated with data protection authorities in Baden-Württemberg, Rhineland-Palatinate, and Bremen, and the Federal Network Agency's digital services coordination office, which is responsible for enforcing the DSA in Germany, was informed.
