Cybersecurity Association of Pennsylvania Raises Concerns Over Data Security and Privacy Risks Associated with DeepSeek AI

FOR IMMEDIATE RELEASE

Cybersecurity Association of Pennsylvania Raises Concerns Over Data Security and Privacy Risks Associated with DeepSeek AI

Harrisburg, PA – January 27, 2025 – The Cybersecurity Association of Pennsylvania (PennCyber) today issued a warning to consumers regarding significant data security and privacy risks posed by the use of the DeepSeek AI assistant, a product of Hangzhou DeepSeek Artificial Intelligence Co., Ltd. This comes in light of reports about the company’s skyrocketing popularity in the United States and concerns about its data handling practices.

Recent news has highlighted DeepSeek’s rapid rise to fame, with its AI assistant becoming the top-rated free application on Apple’s App Store. However, PennCyber is urging users to exercise caution due to critical privacy issues outlined in DeepSeek’s own privacy policy, which reveal alarming details about how user data is collected, stored, and transferred.

According to the DeepSeek AI Privacy Policy, any data submitted to the company will be transferred out of the United States to the People’s Republic of China. Additionally, DeepSeek retains users’ information for as long as necessary to provide its services, without specifying clear data deletion timelines. This lack of transparency raises red flags about how user data may be utilized, including the possibility of exposure to foreign surveillance and misuse.

“Users have the right to know where their data is going and how it will be used,” said Scott R. Davis, Chairman of the Cybersecurity Association of Pennsylvania. “DeepSeek’s privacy policy fails to provide sufficient clarity or safeguards for consumers, particularly as their data is being transferred to a jurisdiction with vastly different privacy laws and oversight compared to the United States.”

DeepSeek’s sudden surge in popularity has also drawn attention to its underlying technology and operational practices. While the company touts the cost-effectiveness and efficiency of its AI models, there is a troubling lack of transparency about the company itself, its data practices, and its compliance with international privacy standards such as GDPR and CCPA.

The Association also expressed concern over potential cybersecurity risks linked to DeepSeek’s services. The recent announcement of a cyberattack that forced DeepSeek to temporarily limit registrations underscores the vulnerability of its systems. The incident raises questions about the robustness of the company's security measures, especially when handling sensitive user data at scale.

PennCyber urges U.S. consumers, businesses, and policymakers to critically evaluate the implications of using AI tools like DeepSeek. “The convenience and innovation of AI should not come at the expense of personal privacy and data security,” Davis added. “We call on DeepSeek to address these concerns by enhancing transparency and adopting stricter data protection measures.” 

For consumers, PennCyber recommends:

• Reviewing the privacy policies of AI applications before using them.
• Limiting the submission of sensitive or personally identifiable information to platforms with unclear data handling practices.
• Advocating for stronger privacy regulations to protect user data from unauthorized access and misuse.

PennCyber has released its Acceptable Use of Generative AI Tools [Sample Policy], designed to help organizations adopt these tools responsibly while enhancing their overall cybersecurity posture.

As the adoption of AI technologies continues to grow, PennCyber remains committed to promoting awareness of cybersecurity and data privacy issues. The Association will continue to monitor developments related to DeepSeek and other emerging technologies, providing timely guidance to safeguard the interests of Pennsylvanians and beyond.

About the Cybersecurity Association of Pennsylvania

The Cybersecurity Association of Pennsylvania (PennCyber) is a leading advocate for cybersecurity awareness, education, and best practices across the Commonwealth of Pennsylvania. PennCyber is committed to empowering individuals and organizations to navigate the digital world safely and securely.

### END ###

Scott Davis

"You can't protect what you don't know"