Data Protection Officers and the Rise of State-Level AI Regulations: Oklahoma's Ban on DeepSeek

In the ever-evolving landscape of data protection and privacy, a recent development in Oklahoma highlights the growing intersection between artificial intelligence (AI) and state-level regulations. On March 24, 2025, Oklahoma Governor Kevin Stitt announced a ban on the Chinese AI app DeepSeek on all state-owned devices, citing security risks and data protection concerns.

State-Level AI Regulations

The ban on DeepSeek in Oklahoma is part of a broader trend of state-level actions addressing AI and data protection. As Data Protection Officers (DPOs), we must stay vigilant about emerging state regulations that may impact our organizations’ use of AI technologies.

Security Risks of AI Applications

Oklahoma’s decision was based on several key concerns, including:

1. Data collection and storage practices
2. Vulnerability to cyberattacks
3. Compliance issues with existing data protection regulations
4. Susceptibility to adversarial manipulation

These points serve as a reminder for DPOs to thoroughly assess the security implications of AI tools used within their organizations.

Cross-Border Data Flows

The ban specifically targets a Chinese-developed AI application, underscoring the ongoing tensions surrounding cross-border data flows. DPOs should be prepared to address concerns about data storage locations and international data transfers when implementing AI solutions.

Compliance with Multiple Regulations

Oklahoma’s ban cites potential conflicts with various data protection regulations, including FERPA, HIPAA, and IRS Pub 1075. This emphasizes the need for DPOs to ensure AI implementations comply with a complex web of federal, state, and industry-specific regulations.

Implications for DPOs

As Data Protection Officers, we must:

1. Stay informed about state-level AI regulations
2. Conduct thorough security assessments of AI tools
3. Ensure compliance with multiple data protection frameworks
4. Advise on the implications of using AI applications developed in other countries

The Oklahoma ban on DeepSeek serves as a reminder that the regulatory landscape surrounding AI and data protection is rapidly evolving. DPOs play a crucial role in navigating these changes and ensuring their organizations remain compliant and secure in their use of AI technologies.

Other links on the web

• Proposed State Privacy Law Update - March 24, 2025
• Data Protection Officer (DPO) Resource
• 51 Useful Data Protection Resources
• Proposed State Privacy Law Update - March 3, 2025
• Data Protection Officer Reference Library
• Privacy Laws Around the Globe
• Data Protection News Update - March 2025
• Five Main Tasks of the Data Protection Officer
• Principles of Privacy by Design
• Privacy Corner - March 2025
• Roles and Responsibilities of a Data Protection Officer
• How to Start a Blog
• US State Privacy Legislation Tracker
• The Future of Data Protection Officers in a Privacy-Focused World
• How to Write a Blog Post with Examples
• Oklahoma Bans Chinese AI App DeepSeek on State-Owned Devices
• Data Protection Officers in the US
• Top Cyber Security Blogs and Websites
• Data Protection Day 2025: Reflections, Challenges, and the Road Ahead
• Data Protection Officer