“It was invigorating to have a new competitor… DeepSeek’s model is impressive, particularly around what they’re able to deliver for the price.”
~Sam Altman, CEO of OpenAI
DeepSeek AI has disrupted the traditional AI landscape, which has long been dominated by U.S. companies. It is being said that its models stand out due to their efficiency and lower operational costs. For the audience lacking context, DeepSeek is a Chinese artificial intelligence (AI) startup founded in May 2023 by Liang Wenfeng, headquartered in Hangzhou, Zhejiang. The company has risen in the AI industry by developing open-source large language models (LLMs) designed to make advanced AI technologies more accessible for both commercial and academic applications. Liang Wenfeng, previously a co-founder of the hedge fund ‘High-Flyer’, established DeepSeek with a vision of advancing artificial general intelligence (AGI). Their first major breakthrough came in November 2023 with the launch of DeepSeek Coder, an open-source LLM designed for coding assistance. This was followed by the release of DeepSeek-V2 in May 2024 and DeepSeek-V3 in December 2024, the latter featuring an impressive 671 billion parameters and outperforming models like Llama 3.1 and Qwen 2.5 in various benchmarks.
The most recent and significant release, DeepSeek-R1, was introduced on January 20, 2025. This model is optimized for logical inference and mathematical reasoning, rapidly gaining popularity and surpassing ChatGPT in downloads on app stores. Notably, the training cost of DeepSeek-R1 was approximately $5.58 million—substantially lower than comparable models developed by U.S. firms, which often exceed $100 million. This cost advantage has raised concerns among investors regarding the valuation of major chip manufacturers like Nvidia and AMD, as DeepSeek’s approach could redefine market dynamics.
Key Differences in Approach and Functionality
Unlike OpenAI, DeepSeek-R1 model is fully open-source, allowing users to download, modify, and run the model locally. The development of DeepSeek’s models is significantly more cost-effective—DeepSeek-R1 was trained for approximately $5.58 million, about 90% less than OpenAI’s estimated costs for similar models. It reportedly achieves a 79.8% accuracy rate on math benchmarks, slightly outperforming OpenAI’s models in specific areas. DeepSeek also integrates techniques like Sparse Attention Mechanisms and Mixture-of-Experts (MoE) to enhance efficiency.
One of DeepSeek’s standout features is its significantly lower energy consumption. The model reportedly operates with 90% less energy than traditional AI models like OpenAI’s GPT-4. This efficiency stems from its optimized architecture and the use of fewer hardware resources. Additionally, DeepSeek requires only 2,000 chips, whereas similar AI platforms typically depend on around 16,000 chips. This substantial reduction in hardware not only cuts down on energy usage but also lessens the demand for rare minerals, which are essential in chip production. By using fewer resources, DeepSeek contributes to both energy efficiency and sustainability.
Ethical Considerations and Data Governance Issues
DeepSeek’s operations under Chinese data governance laws have raised significant privacy and regulatory concerns, particularly in Western markets. The Italian Data Protection Authority (DPA) has recently issued a 20-day deadline for DeepSeek to clarify its data handling practices, emphasizing the potential risks to millions of Italian users’ personal data. This scrutiny follows a complaint from Euroconsumers, highlighting fears regarding compliance with the General Data Protection Regulation (GDPR) and the transparency of data collection processes. Cybersecurity experts have pointed out that the chatbot poses privacy threats due to its compliance with Chinese regulations that require companies to assist state intelligence operations. This means user data could be subject to government monitoring, contrasting with the U.S., where federal access typically requires a court order. DeepSeek collects extensive user data, including keystroke patterns, which could further complicate its compliance with international data protection standards.
In response to these concerns, Indian authorities are also closely monitoring DeepSeek’s rise, wary of how Indian user data might be managed given its links to China. The Indian government is currently evaluating whether any user data is being transferred to China and has indicated that it will take necessary actions if any risks are identified.
Further, this instance has brought up an issue of AI organisation’s internal privacy setups. OpenAI has accused DeepSeek of improperly using its data to train AI models, specifically alleging the use of a technique called “distillation”. This method involves leveraging outputs from existing models to train new ones, potentially violating OpenAI’s terms of service. OpenAI claims to have evidence that DeepSeek used its models to train the R1 AI model, contradicting DeepSeek’s claims of developing its model at a fraction of the cost of competitors like OpenAI and Google.
Microsoft, a major investor in OpenAI, is reportedly investigating whether DeepSeek accessed OpenAI’s data through unauthorized means. There are suspicions that individuals connected to DeepSeek may have extracted data via OpenAI’s API, raising concerns about compliance with usage restrictions. These allegations emerge at a time when DeepSeek’s R1 model has disrupted the AI market, triggered significant stock market reactions, and raised concerns among major tech companies. The situation underscores ongoing tensions in the AI industry over data usage and intellectual property rights. Further, DeepSeek itself has been claiming being under consistent and recurring cyberattacks due to which the company has had to limit the number of registrations under the website.
Possible Implications for DeepSeek in the Indian Data Privacy Landscape
The Digital Personal Data Protection (DPDP) Act, 2023, along with the Draft Digital Personal Data Protection Rules, 2025, provide a regulatory framework for the collection, processing, and storage of personal data in India. The Act emphasizes transparency, accountability, explicit consent, data minimization, and purpose limitation to ensure user privacy.
DeepSeek AI as a Data Fiduciary, faces compliance concerns under India’s privacy framework due to ambiguities in its privacy policy, and its practice of storing user data in China. These issues may lead to potential non-compliance with the DPDP framework.
According to its privacy policy, DeepSeek collects a plethora of personal data including “Information You Provide”, including profile details (date of birth, username, email, phone number, password), content you share (text, audio, feedback, chat history, uploaded files), and contact information (proof of identity or age, feedback, inquiries). It also gathers “Automatically Collected Information,” such as internet activity (IP address, device identifier, cookies), technical data (device model, OS, keystroke patterns, system language, diagnostic info), usage details, and payment information. Additionally, it collects “Information from Other Sources”, like log-in services (Google, Apple) and data from advertising partners. Additionally, DeepSeek’s privacy policy also states that it monitors interactions and usage across devices, analysing how people are using it. Under Section 6 of the DPDP Act, the principle of purpose limitation is reinforced, and the consent of the Data Principal is only limited to processing of such data as is necessary for the specified purpose. Thus, there is a possibility that DeepSeek contravenes this provision of the Act.
Another major concern is the fact that DeepSeek’s “partners” share data about your activities outside DeepSeek AI’s service, including purchases, websites visited, and identifiers like mobile IDs, hashed emails, and cookies. This raises potential issues of information being shared without user consent. As per Section 4 of the DPDP Act, consent is mandatory for processing data.
Section 16 of the DPDP Act lays down that data transfer to any country can be restricted by way of notification by the Central Government. If China is identified as a restricted country as per Section 16, such transfer of personal data to China may pose potential compliance challenges.
DeepSeek AI’s lack of clarity, especially regarding unspecified data retention periods, could possibly result in compliance issues.
Conclusion
DeepSeek’s rapid rise in the AI industry has introduced both technological advancements and regulatory challenges. While its cost-efficient and energy-saving models disrupt the dominance of U.S. AI firms, concerns over data privacy, security, and compliance persist. Moving forward, DeepSeek must address these regulatory concerns transparently to sustain its growth while ensuring compliance with evolving data protection frameworks.
Tsaaro Consulting, in collaboration with PSA Legal Counsellors and Advertising Standards Council of India, has authored a whitepaper titled ‘Navigating Cookies: Recalibrating Your Cookie Strategy in Light of the DPDPA’. If you want to learn more about cookie consent management, read the whitepaper by clicking here.
The Ministry of Electronics and Information Technology (MeitY) has released the Draft DPDP Rules, 2025 for Public Consultation!
Learn more about the Draft Rules here:
