On 30 January 2025, the Italian Garante blocked DeepSeek across Italy and opened an investigation into its handling of personal data. The order prohibited personal data processing pending the investigation and pointed to two pressure points that matter far beyond one vendor: transparency under GDPR Articles 13 and 14, and transfers to third countries under Articles 44 to 49.
That should land hard if your staff use non-EU AI tools. DeepSeek got examined. Most others have not. That is not the same as being safe.
The practical question is simple: how many AI tools in your fleet share DeepSeek's data residency profile, and would survive the same scrutiny?
Why the DeepSeek action matters beyond DeepSeek
The Garante's action was unusually explicit. It did not just gesture at "AI risk." It focused on where personal data goes, what users and data subjects are told, and whether the transfer mechanism survives contact with local law.
Start with GDPR Article 44. It sets the general principle: any transfer of personal data to a third country has to maintain the level of protection guaranteed in the EU. Article 45 covers adequacy decisions. Today that includes jurisdictions such as the UK, Israel, Japan, South Korea, Canada (for commercial organisations within the scope of PIPEDA), and the US where the recipient is certified under the EU-US Data Privacy Framework.
Article 46 covers appropriate safeguards, including Standard Contractual Clauses. Article 49 covers derogations, which many teams abuse as if they were a standing operating model. They are not.
Then there is Schrems II, Case C-311/18, decided on 16 July 2020. SCCs did not die in that judgment. The idea that SCCs solve everything did.
Controllers have to assess whether the law and practice of the destination country undermine the safeguards in those clauses. That analysis is vendor by vendor. Product by product, at times. A US vendor with DPF certification and enterprise controls is not the same risk posture as an unknown API fronting infrastructure in China.
If your due diligence stops at "they have SCCs in the DPA," you are doing paperwork, not transfer analysis.
The transfer event most teams miss
AI governance programs still fixate on model quality, hallucinations, and procurement paperwork. Fine. But the transfer event often happens earlier: when an employee pastes personal data into a browser prompt, installs a free assistant, or sends customer records to an API chosen by a team lead on a Tuesday afternoon.
These are not edge cases. They are normal working behaviour.
"Use this Chinese AI vendor's API to summarise our customer outreach plan for the APAC region."
That is potentially an Article 44 transfer event, with obvious questions about Chinese law, including the Data Security Law, and what government access risk does to your Schrems II analysis.
"Run sentiment analysis on these 2,000 GDPR-scope customer emails using DeepSeek."
That combines Article 44 transfer analysis with the Garante's stated concerns around transparency under Articles 13 and 14.
"Translate this internal HR file with the new free AI assistant the marketing team installed."
That is shadow AI in one sentence. Unknown vendor. Unknown residency. Unknown retention. Often no contract at all.
The analysis is per vendor, not per buzzword
You cannot classify "AI vendors" as one bucket and move on. The legal and technical posture differs sharply.
- Mistral: French-headquartered and generally positioned as EU-friendly. That helps. You still need to confirm where the relevant service runs, where logs are stored, and whether subprocessors move data elsewhere.
- Anthropic: US vendor. SCCs are available in enterprise paperwork. Your analysis still has to consider US law, including FISA 702 exposure where relevant, plus actual retention and logging controls.
- Google Gemini: typically a US transfer analysis with DPF and SCCs in the picture depending on service structure. Check the exact service terms and whether your specific tenant, logs, and support flows stay within the boundaries you think they do.
- Cohere: Canadian vendor. Canada benefits from an adequacy decision for commercial organisations in scope, which usually simplifies part of the analysis, but not all operational questions.
- Meta Llama: open weights change the question. If you deploy locally in the EU, the transfer analysis may be very different from using a hosted third-party Llama service. Open weights do not erase data protection duties; they just move them.
This is why inventory matters before policy. You need a list of tools, not a slide deck about responsible AI.
What your DPO needs from every AI vendor
For each tool, ask the same hard questions. Keep the answers in writing.
- Where does the model actually run? Not headquarters. Runtime location.
- Where are prompts and completions logged? Separate production inference from logging and support systems.
- What is the default retention period? "Temporary" is not a number.
- Is zero-retention available? If yes, is it contractual, configurable, and enabled for your tenant?
- What transfer mechanism applies? Article 45 adequacy, Article 46 SCCs, or a narrow Article 49 derogation.
- What national law applies to the provider and subprocessors? This is where Schrems II stops being theoretical.
- Do government access laws materially change the analysis? US FISA 702. China's Data Security Law and related state access framework. Others too, depending on destination.
- How do they handle transparency obligations? If personal data from customers, employees, or counterparties enters the system, can you support Articles 13 and 14 disclosures truthfully?
If a vendor cannot answer four of these quickly, your problem is not documentation quality. Your problem is that they do not know their own data path.
Eight-question vendor data residency checklist
Use this for any new AI tool before approval.
| Question | Why it matters | GDPR anchor |
|---|---|---|
| Where is inference performed? | Determines whether a transfer occurs at prompt time | Article 44 |
| Where are prompts and outputs stored? | Logging may create separate third-country transfers | Article 44 |
| Is the destination covered by adequacy? | Reduces transfer friction if Article 45 applies | Article 45 |
| If not, what safeguards are in place? | SCCs and technical controls sit here | Article 46 |
| Has Schrems II country-law analysis been done? | SCCs alone are not enough | Case C-311/18 |
| What is the retention default and deletion process? | Retention inflates risk and incident scope | Articles 5(1)(c) and 5(1)(e) |
| Is zero-retention available and enabled? | Limits exposure from prompts containing personal data | Article 25 |
| Can you meet Articles 13-14 disclosures? | If not, transparency is already weak | Articles 13-14 |
This is the same logic behind the 72-hour AI incident response playbook: know where the data went before you need to explain it to a regulator.
What to do this week
First, pull an inventory of AI tools already in use. Browser extensions. Web apps. API clients. The approved stack is rarely the real stack.
Second, group them into three buckets: EU-hosted, adequate jurisdiction, and third-country uncertain. That third bucket is where your time goes.
Third, review any tool used for customer support, HR, legal, insurance claims, healthcare workflows, or sales ops first. Those teams paste the most sensitive material under deadline pressure. Policy decks do not change that. Controls do.
Fourth, stop pretending Article 49 derogations are your default answer for routine AI use. They are for occasional and specific cases, not everyday prompt traffic.
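As an added example that is not part of this article or of any vendor's tooling, the triage below encodes the DPO question list and the three buckets from the week plan as checks over a constructed AI-tool inventory. The tool names, location codes and answers are assumptions, and the adequacy set covers only the jurisdictions this article names.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed, abbreviated location sets (not legal advice). EU_EEA is not the
# full member list; ADEQUATE holds only the jurisdictions the article names, with
# pseudo-codes for Canada (PIPEDA scope) and the US (DPF-certified recipient).
EU_EEA = {"AT", "BE", "DE", "ES", "FR", "IE", "IT", "NL", "NO", "SE"}
ADEQUATE = {"GB", "IL", "JP", "KR", "CA-PIPEDA", "US-DPF"}

@dataclass(frozen=True)
class AiTool:
    name: str
    inference_loc: str           # runtime location, not vendor headquarters
    logging_loc: str             # where prompts and completions are stored
    retention_days: int | None   # None = "temporary", unknown, or no written answer
    zero_retention: bool         # contractual and enabled for this tenant
    mechanism: str               # "n/a", "art45", "art46_scc", "art49" or "none"
    schrems_ii_done: bool        # country-law analysis documented for the destination

def bucket(t: AiTool) -> str:
    # Both data locations count: inference and logging can each be a transfer.
    locs = {t.inference_loc, t.logging_loc}
    if locs <= EU_EEA:
        return "EU-hosted"
    if locs <= EU_EEA | ADEQUATE:
        return "adequate jurisdiction"
    return "third-country uncertain"

def findings(t: AiTool) -> list[str]:
    # Flag the answers the DPO question list treats as not good enough.
    out = []
    if t.logging_loc != t.inference_loc and t.logging_loc not in EU_EEA:
        out.append("logging is a separate transfer (Art. 44)")
    if bucket(t) != "EU-hosted" and t.mechanism == "none":
        out.append("no transfer mechanism on record (Art. 44)")
    if bucket(t) == "third-country uncertain":
        if t.mechanism == "art49":
            out.append("Art. 49 derogation used as standing model")
        if t.mechanism == "art46_scc" and not t.schrems_ii_done:
            out.append("SCCs without Schrems II country-law analysis")
    if t.retention_days is None and not t.zero_retention:
        out.append("retention default is not a number")
    return out

# Constructed inventory; "XX" is a placeholder for an unassessed third country.
INVENTORY = [
    AiTool("eu-chat-enterprise", "DE", "DE", 30, False, "n/a", True),
    AiTool("us-llm-api", "US-DPF", "US-DPF", 0, True, "art45", True),
    AiTool("free-browser-assistant", "XX", "XX", None, False, "none", False),
    AiTool("apac-summariser-api", "XX", "XX", 90, False, "art49", False),
    AiTool("eu-front-us-logs", "FR", "XX", 14, False, "art46_scc", False),
]

def triage() -> dict[str, tuple[str, list[str]]]:
    return {t.name: (bucket(t), findings(t)) for t in INVENTORY}
```

Tools landing in the third bucket with any finding are the ones to review first; an empty finding list only means the written answers were complete, not that the vendor was verified.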
If you need a starting point for guardrails, the one-page AI usage policy template is a good way to force the right questions before another free tool lands in Chrome.
DeepSeek is not the whole story.
It is the clearest recent warning shot. The Garante looked at one AI vendor's transparency and transfer posture and decided the answers were not good enough to keep processing personal data during the investigation. Your employees already use tools that would struggle under the same light.
Discover which AI vendors your employees already use, with residency profile per tool — Prytive 7-day audit.