South Korea’s data protection authority has formally accused the Chinese artificial intelligence company DeepSeek of transferring personal data of South Korean users to entities in China and the United States without obtaining proper consent.
This revelation emerged following a comprehensive investigation by the Personal Information Protection Commission (PIPC), which disclosed its findings on April 24, 2025.
DeepSeek, which launched its AI chatbot service in South Korea in mid-January 2025, quickly gained attention for its R1 reasoning model, touted for delivering competitive performance against Western AI systems at a significantly lower development cost.
However, the app’s quick rise was soon overshadowed by serious privacy concerns. The PIPC found that until the service was suspended in February, DeepSeek had been transmitting user data—including inputs entered into AI prompts, device information, network details, and app usage data—to multiple companies overseas without user permission or adequate disclosure in its privacy policy.
A key recipient of this data was Beijing Volcano Engine Technology Co., a cloud service provider affiliated with ByteDance, the parent company of TikTok. The PIPC clarified that although Volcano Engine is legally distinct from ByteDance, it received sensitive user information from DeepSeek.
The Chinese firm reportedly utilised this data to address security vulnerabilities and improve the app’s user interface. Nevertheless, the PIPC deemed the transfer of AI prompt content unnecessary and instructed DeepSeek to cease such data sharing, which the company reportedly halted as of April 10, 2025.
The investigation also highlighted deficiencies in DeepSeek’s privacy policy, which was only available in Chinese and English and lacked clear protocols for data destruction and adequate safety measures. DeepSeek admitted to insufficiently considering South Korean data protection laws and expressed willingness to cooperate with the PIPC, voluntarily suspending new downloads of its app in the country pending compliance improvements.
South Korean government agencies had already prohibited employees from using DeepSeek on official devices amid rising security concerns. Similar restrictions have been reported in Taiwan, Australia, and parts of the United States.
In response to the allegations, China’s Ministry of Foreign Affairs reaffirmed its commitment to data privacy and security.
“We have never – and will never – mandate that companies or individuals collect or store data through unlawful methods,” spokesperson Guo Jiakun stated. The ministry also criticised what it described as the politicisation of technological and economic issues under the guise of national security.
The PIPC has issued a corrective directive to DeepSeek, demanding the immediate destruction of all AI prompt data transferred to Chinese entities and the establishment of lawful procedures for any future cross-border data transfers. The regulator indicated that the app could return to South Korean app stores once DeepSeek fully complies with local data protection standards.