Hellenic DPA Investigates AI Application & Spyware Data Breach Amid Growing European Scrutiny

Key Takeaways

• Investigation into DeepSeek AI: The Hellenic Data Protection Authority (DPA) has launched an investigation into DeepSeek AI, assessing whether the application is violating GDPR regulations, following similar actions taken by other European regulators, including Italy’s recent ban on the service.
• Spyware Breach Affecting WhatsApp Users: The DPA is also investigating a breach involving WhatsApp users in Greece, caused by malicious spyware. The authority will assess the scope of the breach and ensure that WhatsApp complied with data protection obligations.
• Growing AI Governance Scrutiny: The investigations come amid increasing scrutiny of AI governance in Europe, particularly with the EU’s AI Act, which imposes strict regulations on AI developers in areas such as transparency, accountability, and data privacy.
• Potential Repercussions for DeepSeek: If the Greek investigation finds GDPR violations, DeepSeek may face penalties similar to those imposed in Italy, including potential bans and hefty fines, highlighting concerns over AI platforms’ security and data handling.

Deep Dive

The Hellenic Data Protection Authority (DPA) has announced two significant investigations today. One centers on the legality of the DeepSeek AI application under the General Data Protection Regulation (GDPR), while the other addresses a spyware breach that has impacted WhatsApp users in Greece.

The Hellenic DPA’s investigation into DeepSeek follows closely in the footsteps of similar actions taken by European regulators, including Italy’s recent crackdown on the AI application. As previously reported, the Italian Data Protection Authority blocked DeepSeek from processing data of Italian users, citing serious privacy concerns. This marks a pivotal moment in the broader European regulatory landscape, where AI companies are facing increasing pressure to comply with GDPR and other privacy laws, regardless of where they are based. DeepSeek, which has quickly gained global traction, now finds itself under the microscope in Greece as well, with the DPA examining whether the AI service is violating local data protection laws.

Meanwhile, the DPA is also investigating a breach affecting WhatsApp users in Greece, triggered by spyware. WhatsApp notified the Greek authority after learning that a group of Greek users had been impacted by a data breach linked to malicious spyware. This breach adds to the growing list of spyware-related incidents, further underlining the need for stronger security measures in digital communication platforms. The DPA will assess the scope of the breach and ensure that WhatsApp has complied with its obligations to protect user data.

Both investigations come at a time when AI governance is under intense scrutiny in Europe. The EU’s introduction of the AI Act, aimed at regulating AI technologies, sets a framework that places significant obligations on AI developers and operators, especially in areas such as transparency, accountability, and data privacy. The Italian and Greek investigations serve as a reminder that AI developers, no matter where they are based, must ensure their operations comply with these strict regulations if they wish to maintain access to the European market.

For DeepSeek, the path forward could be difficult. If the Greek investigation finds violations, the company may face similar repercussions to those it encountered in Italy, including potential bans or hefty fines. The investigation also raises broader questions about how AI companies are handling user data, especially as incidents like the security lapse that exposed DeepSeek’s sensitive data further add to concerns over the platform’s security practices.

In the race to develop cutting-edge AI, companies like DeepSeek must learn that privacy and security cannot be afterthoughts. In an industry that is moving at lightning speed, it is crucial that companies integrate robust security measures into the very design of their platforms to avoid exposing users’ sensitive data.

With AI becoming increasingly embedded in the global economy, the lessons from these ongoing investigations will resonate far beyond Greece. As Europe tightens its grip on AI regulation, both AI developers and digital communication platforms will need to reassess their data protection practices or risk facing the full force of regulatory action.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.