11 February 2025

Leiden University is following the government’s advice and banning the use of DeepSeek at the university and on its infrastructure. The information you share with this AI chatbot may not be secure and may be stored on servers outside the European Economic Area (EEA), where the protection of personal and sensitive business data cannot be guaranteed or where an appropriate level of protection in accordance with the General Data Protection Regulation (GDPR) cannot be guaranteed.

Why ban DeepSeek?

Using DeepSeek poses significant information security and privacy risks for the university and users of this chatbot. This is due to weak encryption and the possibility of data being stored on servers outside the EEA. Data entered in the app or web version of DeepSeek may be accessible to authorities and organisations outside the EEA that have other data protection and access regulations.

DeepSeek’s privacy policy also states that it collects not only the data you enter during a session but also metadata such as your IP address, location and interactions with other apps. The Dutch Data Protection Authority stresses that the personal data of DeepSeek users, possibly including Dutch users, is stored outside the EEA and that there are risks to this. Furthermore, the transfer of the personal data of European citizens to countries outside the EEA is only permitted under strict conditions, as set out in the GDPR.

What tools can you use?

Use safe tools or software to ensure our information and personal data are kept secure. Avoid using free applications and use tools approved by the university instead.

Questions?

If you have any questions about information security and privacy, contact the Information Security Officer or Privacy Officer at your faculty or department, or send your question to security@bb.leidenuniv.nl or privacy@bb.leidenuniv.nl.