German Data Protection Authority Asks Apple and Google to Stop Distributing DeepSeek App
Intro
In mid-June 2025, Germany’s Hamburg Data Protection Authority (DPA) formally requested that Apple and Google remove the AI-powered DeepSeek app from their iOS and Android marketplaces. The regulator warned that the app’s core function—scanning user images to identify objects and text—poses serious risks to personal privacy and runs afoul of the EU’s General Data Protection Regulation (GDPR).
DeepSeek in a Nutshell
DeepSeek allows users to snap photos or upload images from their gallery. The app then uses optical character recognition (OCR) and image recognition algorithms to identify products, landmarks, text snippets or everyday objects. At first glance, the feature seems handy: point your phone at a menu in a foreign language or at an unknown gadget on your desk, and DeepSeek promises instant answers. But behind the scenes, every image is sent to remote servers outside the user’s control, creating a potential data-leak and privacy pitfall.
Why Germany’s DPA Stepped In
Under GDPR rules, companies must have a clear legal basis for processing personal data, obtain informed consent, and limit their data-handling to what is strictly necessary. The Hamburg DPA found that DeepSeek checks none of these boxes. Key concerns include:
• Lack of lawful basis: DeepSeek does not tie image uploads to any valid GDPR grounds, such as explicit user consent or a contract.
• Insufficient transparency: The app’s privacy policy offers little detail on how long images are stored or whether they are shared with third parties.
• No user control: Users cannot opt out of cloud-based processing or delete individual images once they’re in DeepSeek’s system.
• Sensitive content risk: Photos can contain faces, license plates, private documents or location metadata—data that GDPR treats as personal and, in some cases, as “special category” information.
The DPA concluded that DeepSeek’s operations may expose users to profiling, unwanted identification and potential misuse of personal images.
The Regulator’s Demands
In its June 12, 2025, notice to Apple and Google, the Hamburg DPA:
1. Asked both companies to immediately suspend new downloads and updates of DeepSeek in their app stores.
2. Required confirmation within 14 days that the app is no longer publicly available.
3. Warned that failure to comply could lead to formal enforcement actions, including fines of up to 4 percent of global turnover under GDPR.
The DPA also noted it had tried to obtain information directly from DeepSeek’s developer but received no satisfactory response.
Apple and Google’s Role
Both Apple and Google have procedures for handling regulatory requests. In past cases—ranging from data-harvesting games to location-tracking utilities—they have removed or suspended apps when regulators flagged serious legal breaches. The Hamburg DPA’s request places Apple and Google in the position of deciding whether to defy a national regulator or to respect EU privacy rules.
DeepSeek’s Developer: Silence or Defense?
As of this writing, the company behind DeepSeek has not publicly commented. It may choose to update its app to meet GDPR standards—adding clear consent flows, local processing options and stricter data-retention rules. Alternatively, the developer could challenge the DPA’s findings in court, arguing that its service poses minimal privacy risk or that its practices comply with existing rules.
A Wider Trend in AI Regulation
DeepSeek is not the first AI tool to be reined in by European data watchdogs. Regulators across the EU have grown wary of apps that rely on cloud-based AI for image or voice processing. Last year, France’s CNIL fined a facial-recognition firm for illicitly collecting street-camera footage. The UK’s ICO has published guidance on AI transparency. And the upcoming EU AI Act may impose even tighter rules on “high-risk” AI systems.
Consumers who assume that every app on Apple’s App Store or Google Play Store meets strict privacy standards might be surprised. Regulators warn that app marketplaces, while curated, are not immune from hosting software that collects or misuses personal data.
What Happens Next?
If Apple and Google comply, DeepSeek will disappear from their stores in Germany—and possibly across the EU—until the developer resolves the DPA’s concerns. Users who already installed the app will still have it on their phones, but future updates may be blocked. If the developer submits a compliant version and the DPA signs off, DeepSeek could reappear. On the other hand, refusal to comply risks heavy fines and a broader ban in European markets.
3 Key Takeaways
• Germany’s Hamburg DPA has ordered Apple and Google to pull DeepSeek over GDPR breaches.
• The app uploads user images for AI-based object and text recognition without clear consent or privacy safeguards.
• Apple and Google must report back within two weeks or face possible fines under EU data‐protection law.
3-Question FAQ
1. What exactly is DeepSeek?
DeepSeek is a smartphone app that uses AI to identify objects, text, products and landmarks from photos. It relies on cloud servers to process user images rather than handling them locally on the device.
2. Why did the Hamburg DPA intervene?
The authority found that DeepSeek processes personal data—like photos containing faces or private documents—without a valid GDPR legal basis, without proper user consent, and without clear policies on data storage or sharing.
3. Could DeepSeek return to app stores?
Yes. If the developer updates the app to address the DPA’s privacy concerns and obtains approval from the regulator, Apple and Google could relist a GDPR-compliant version.
Call to Action
Stay informed about how AI apps use your data. Review app permissions on your phone and read privacy policies before installing new software. For the latest developments on privacy, data protection and AI regulation, subscribe to our newsletter or visit our website.
