German Authorities Demand Google and Apple Remove DeepSeek from App Stores

Red Dog Security

05 Jul 2025 — 2 min read

German regulators have formally ordered Google and Apple to remove the DeepSeek app from their platforms, citing serious violations of EU data protection laws. The directive was issued by Berlin’s Data Protection Commissioner, Meike Kamp, who argues that the Chinese-owned AI app fails to comply with the General Data Protection Regulation (GDPR).

Key Allegations

At the center of the controversy is Hangzhou DeepSeek Artificial Intelligence, the China-based developer of the DeepSeek app, which offers generative AI services in multiple languages—including German. Authorities claim the company is illegally processing German users' data on Chinese servers without the safeguards required under EU law.

Illegal Data Transfers: Under Article 46(1) of the GDPR, data transferred outside the EU must be subject to protections equivalent to EU standards. According to Kamp, China’s weaker data privacy laws make this virtually impossible.
No EU Legal Presence: DeepSeek operates without a registered legal entity in the EU, yet distributes a German-language app—bringing it under the jurisdiction of GDPR.

Regulatory Timeline and Action

May 6, 2025: Commissioner Kamp requested that DeepSeek voluntarily delist its app from EU markets. The company declined.
Now: Authorities have escalated the matter, invoking Article 16 of the Digital Services Act (DSA). This legal mechanism allows EU member states to compel online platforms to assess and act on potential legal violations.

The takedown demand is being enforced with support from:

Germany’s Federal Network Agency (Bundesnetzagentur)
Other EU regulatory partners concerned with data sovereignty and national security

Why It Matters

The move reflects increasing scrutiny of Chinese digital platforms in Europe, following similar actions against apps like TikTok, Temu, and Shein. Regulators are especially focused on:

Where user data is stored and processed
Whether foreign companies can comply with GDPR without an EU-based legal structure
How data might be accessed by foreign governments under national security laws

This case could set a precedent for future enforcement against non-EU AI platforms, particularly those operating without transparency or local accountability.

What Happens Next?

Google and Apple must now decide whether to:

Comply with the takedown order
Appeal or delay enforcement, citing legal uncertainty or lack of jurisdiction

Meanwhile, DeepSeek’s access to European markets is in jeopardy. Without rapid compliance or structural changes, the company could face a full EU ban and potential penalties under GDPR.

Follow for updates as this regulatory battle unfolds—both for its immediate impact and its implications for the future of AI governance in Europe.

352 Android Apps Infected with IconAds Adware

Security researchers at Human Security have uncovered a massive ad fraud operation dubbed IconAds, involving 352 malicious Android apps previously available on the Google Play Store. At its peak, the campaign generated over 1.2 billion ad requests per day, primarily targeting users in Brazil, Mexico, and the United States.

AI Chatbots Like ChatGPT Are Providing Fake URLs for Major Companies

Cybersecurity analysts at Netcraft have uncovered a troubling trend: AI chatbots frequently generate incorrect or misleading URLs when asked to provide official website links for major brands. According to researchers, this flaw opens a dangerous new vector for phishing and domain hijacking attacks. Key Findings from Netcraft’s Study The

Hackers Leak Allegedly Stolen Telefónica Data

A hacker is threatening to release 106 GB of data allegedly stolen from Spanish telecommunications giant Telefónica, though the company firmly denies any recent breach or data compromise. The threat actor, operating under the alias “Rey,” claims the intrusion occurred on May 30, during which over 12 hours of data

.es Domains Become 19 Times More Popular Among Phishers

Cybersecurity researchers at Cofense report a dramatic rise in phishing campaigns leveraging .es domains, which are officially reserved for Spanish-language websites or entities based in Spain. The use of these domains by cybercriminals has surged 19-fold since the beginning of 2025, making .es the third most exploited top-level domain (TLD)