South Korea’s Personal Information Protection Commission (PIPC) has concluded that DeepSeek, a Chinese artificial intelligence startup, improperly collected personal information from local users and transferred it overseas without obtaining their consent.
The PIPC released its findings on Thursday following an extensive privacy and security review of DeepSeek. This investigation follows the startup’s decision to remove its chatbot application from South Korean app stores in February, a move recommended by the PIPC. In response to the agency’s concerns, DeepSeek had pledged to cooperate fully.
During its operations in South Korea, DeepSeek was found to have transmitted user data to multiple companies in China and the U.S. without the necessary user consent or disclosure. This included sensitive information gathered from user-generated AI prompts, as well as device, network, and app details, which were transferred to the Chinese cloud service platform Beijing Volcano Engine Technology Co.
While the PIPC identified Beijing Volcano Engine Technology Co. as “an affiliate” of TikTok’s parent company, ByteDance, it emphasized that the cloud platform operates as a separate legal entity and is not directly related to ByteDance, according to translated statements from the agency.
DeepSeek asserted that it utilized services from Beijing Volcano Engine Technology to enhance the security and user experience of its application. However, following the PIPC’s findings, the startup halted the transfer of AI prompt data beginning April 10.
DeepSeek gained significant attention in January with the launch of its R1 reasoning model, which claimed to rival the performance of its Western counterparts despite being developed with lower costs and less advanced hardware.
The app’s rapid rise in popularity has sparked increasing national security and data privacy concerns globally, particularly given Beijing’s regulations mandating domestic firms to share data with the government. In addition, cybersecurity experts have raised alarms over potential data vulnerabilities in the app, alongside worries regarding DeepSeek’s privacy policies.