The Privacy Guarantor blocked the Chinese Deepseek in Italy: 1 million chat and online data

The GPDP (Guarantor for the protection of personal data) recently ordered a immediate block For Chinese artificial intelligence Deepseek, which has been spoken of a lot in recent days. More precisely, the guarantor intervened against Hangzhou Deepseek Artificial Intelligence And Beijing Deepseek Artificial Intelligencecompanies that develop the chatbot, blocking access to the latter. This measure applies to the processing of Italian users’ data, in response to a communication deemed insufficient by the companies involved. The decision of the Privacy Guarantor, communicated with an official note published yesterday, came after the app founded by Liam Wenfeng was removed from the Italian versions of the Play Store and the App Storewhich had made an action by the Italian authorities. To this picture is also added the discovery of a serious vulnerability in the Deepseek databases, which raised serious doubts about the security of user data. This because beyond a million chat and sensitive information would have been exposed online.

Because the Privacy Guarantor blocked the Chinese Deepseek

The measure adopted by the Italian guarantor is part of a context of growing attention to the processing of personal data by non -European companies. The Chinese companies involved have declared that they did not operate in Italy and not to be subject to European legislation, a position that the authority considered unacceptable, starting an investigation to deepen the matter. The block, adopted in an emergency, aims to protect the data of Italian users from possible violations and improper uses. In the press release of the Guarantor, we read:

The limitation measure – adopted to protect the data of Italian users – follows the communication of the companies received today, whose content has been considered completely insufficient. Contrary to what is detected by the Authority, the companies have declared not to operate in Italy and that European legislation is not applicable to them.

The vulnerability of Deepseek artificial intelligence systems

Parallel, a research conducted by Wiz Research (an American startup that deals with cybersecurity) has revealed Criticism in the safety of the Deepseek infrastructure. Experts have identified instances of the not adequately protected clickhouse database, allowing public access to extremely sensitive data. Among the information on display, there was further one million registers of users’ conversations in non -encrypted format, bees keys, Details on the Backand of the Platform And operational metadata. Surprisingly, anyone could access this information through simple SQL queries that can be performed by a web interface, without any form of authentication.

The extent of the vulnerability has aroused great concern among computer security experts. The database contained Interior log dating back to January 6, 2025recording details on all interactions between users and chatbots, as well as reserved information on the management of the platform. The configuration adopted could have afforded to began to extract sensitive data, including private messages and unprotected access credentials. Although Deepseek quickly responded to the report, closing access to the publicly exposed databases, the doubt remains on any unauthorized access that took place Before of the discovery of vulnerability.

In short: the Deepseek story raises important questions about data security in the context of artificial intelligence and also opens a whole series of reasoning on how important it is by the various authorities to continue to perform a rigorous control of the various “actors” who enter on stage in the AI ​​sector.