South Korea’s data protection authority has determined that the Chinese AI company DeepSeek gathered personal data from local users and sent it abroad without their consent.
The Personal Information Protection Commission (PIPC) shared its findings on Thursday following a review focused on privacy and security concerning DeepSeek.
This announcement comes after DeepSeek removed its chatbot app from South Korean app stores in February, following recommendations from the PIPC. The agency noted that DeepSeek agreed to address its concerns.
While operating in South Korea, DeepSeek sent user data to various companies in China and the U.S. without getting the required consent from users or informing them about this practice, according to the PIPC.
The agency pointed out a specific instance where DeepSeek transferred data from user-generated AI prompts, along with device, network, and app details, to a Chinese cloud service called Beijing Volcano Engine Technology Co.
Although the PIPC mentioned that Beijing Volcano Engine Technology Co. is associated with ByteDance, the parent company of TikTok, the privacy watchdog clarified that the cloud service operates as a separate legal entity with no direct ties to ByteDance, based on a Google translation.
The PIPC reported that DeepSeek claimed it used services from Beijing Volcano Engine Technology to enhance the app’s security and user experience, but it later stopped transferring AI prompt data starting April 10.
DeepSeek and ByteDance have not yet responded to questions from CNBC.
The AI startup, based in Hangzhou, gained significant attention in January when it introduced its R1 reasoning model, which competes well against Western counterparts. The company claims this model was developed at a lower cost and with less sophisticated hardware.
However, the app’s increasing popularity raised national security and data privacy concerns beyond China, largely because of Beijing’s mandate for local companies to share data with the Chinese government.
Cybersecurity experts have also pointed out potential data risks associated with the app and expressed worries about its privacy practices.
On Thursday, the PIPC announced it had issued a corrective recommendation to DeepSeek. This includes demands to promptly delete any AI prompt data that was sent to the Chinese company and to establish legal procedures for transferring personal data abroad.
When the data protection authority ordered DeepSeek’s removal from local app stores, it indicated that the app could return once the company made the necessary changes to align with local data protection regulations.
This investigation came after reports that several South Korean government agencies prohibited employees from using DeepSeek on their work devices. Other countries, including Taiwan, Australia, and the U.S., have reportedly implemented similar restrictions.
Other Stories You May Like