Western governments are already concerned about DeepSeek’s Chinese origin and the fact that it stores user data in China. There are also issues that the software follows the Chinese government line on practically everything (try asking it about the Tiananmen Square massacre).
DeepSeek does not appear to be spyware, in the sense that it does not seem to covertly harvest data without user consent. However, like many online services, it explicitly states in its privacy policy that it records a substantial amount of user information.
The company’s policy outlines three main categories of data collection. The first includes information users provide directly, such as names, email addresses, messages, and any files uploaded.
The second category consists of automatically collected data, including device specifications, IP addresses, usage patterns, cookies, and payment details. Finally, DeepSeek gathers data from third-party sources, including Apple and Google login services, as well as advertising and analytics firms.
This data collection framework is comparable to that of leading AI chatbots like ChatGPT and Claude.
DeepSeek claims it processes user data for multiple purposes, including service provision, communication, enforcement of terms, and performance improvements. However, the company also reserves the right to use the data to "comply with our legal obligations, or as necessary to perform tasks in the public interest, or to protect the vital interests of our users and other people."
Additionally, DeepSeek’s policy states that data may be shared with third parties, including advertising firms, analytics companies, law enforcement agencies, public authorities, copyright holders, and other entities. The company does not specify a fixed retention period, instead stating it will keep data "for as long as necessary" for various uses.
While these practices are not uncommon in the tech industry, concerns persist due to the legal and cybersecurity environment in which DeepSeek operates.
While DeepSeek claims its servers are the most secure, China ranks among the world’s most cybercrime-prone nations. A 2024 study placed it third behind Russia and Ukraine for cybercriminal activity. Microsoft and other cybersecurity experts have also accused the Chinese government of working with cybercrime networks to conduct sophisticated cyberattacks.
Even if DeepSeek does not intentionally share user data, analysts warn that the company’s information storage practices could leave it vulnerable to data breaches or unauthorised access by state-affiliated actors. Cybercriminal organisations in China frequently collect detailed user profiles to orchestrate targeted phishing scams, which can be used to extract sensitive personal or financial information.
As one analyst pointed out, with those security concerns, no US sane US company would ever install DeepSeek in their systems.
DeepSeek is also facing issues over the fact that it might have saved a fortune by “borrowing” OpenAI’s data.
Now, OpenAI and Microsoft claim they have evidence that the Chinese company trained their AI model by using data it had lifted from OpenAI.
OpenAI claimed to the Financial Times that it had evidence that DeepSeek trained its AI using OpenAI's models. According to Bloomberg, Microsoft also believes that an OpenAI developer account it believes is connected to DeepSeek stole large amounts of data late last year. Microsoft is a major investor in OpenAI, providing the company with billions of dollars in resources.
OpenAI's Sam Altman previously said the company spent over $100 million to train GPT-4. DeepSeek says it trained its latest model, DeepSeek-Ri, with less than $6 million.
The last issue is DeepSeek's impact on the IT industry worldwide. While it is seen as a way of saving money on expensive Nvidia chips, it is based on expensive Nvidia chips. It might require fewer of them, but the world is still Nvidia dependent.
