IAPP Article – DeepSeek and the China Data Question: Direct Collection, Open Source, and the Limits of Extraterritorial Enforcement 

This article, published by the International Association of Privacy Professionals, focuses on a question many organizations are grappling with: does running DeepSeek locally solve the China data problem? The answer is more nuanced than the binary debate suggests. While self-hosting eliminates cross-border data flows, security researchers have documented vulnerabilities embedded in the model weights themselves—from jailbreaking susceptibility to CCP narrative alignment. The article also examines why the “data transfer” framing used by European regulators may not fit DeepSeek’s direct collection model.

Read the full analysis:

DeepSeek and the China Data Question (IAPP)

8
Like this article?
Share on Facebook
Share on Twitter
Share on Linkdin
Share by Email
Picture of Theodore Christakis

Theodore Christakis

Director of the Chair AI Regulation. Professor of International & European Law, University Grenoble Alpes. Member: Institut Universitaire de France; French National Digital Council (CNNum); French National Committee for Digital Ethics (CNPEN); EIT-Health Consultative group on AI, Data, Industrial & Cybersecurity Policy. Senior Fellow with the Cross-Border Data Forum. Director, Center for International Security & European Studies (CESICE); co-Director, Grenoble Alpes Data Institute.