South Korea’s Personal Information Protection Commission (PIPC) has accused Chinese artificial intelligence startup DeepSeek of transferring user data and AI prompts without obtaining proper consent. The allegations stem from DeepSeek’s operations during its launch in South Korea in January 2025, when its app was available for download in the country’s app market.
According to the PIPC, DeepSeek transferred personal information, including device, network, and app data, as well as user inputs in AI prompts, to Beijing Volcano Engine Technology Co. Ltd., a cloud service platform owned by ByteDance. The commission stated that DeepSeek failed to disclose these transfers in its privacy policy and did not seek user consent, violating South Korea’s data protection laws.
In February, South Korea’s data agency suspended new downloads of the DeepSeek app after the company acknowledged shortcomings in adhering to local regulations. DeepSeek later claimed that the data transfers were intended to improve user experience and address security vulnerabilities. The company also stated that it had blocked the transfer of AI prompt content as of April 10, 2025.
The PIPC has issued a corrective recommendation, directing DeepSeek to delete any previously transferred AI prompt content and establish a legal framework for cross-border data transfers. The incident has sparked concerns about data privacy and security, particularly in the context of international AI companies operating in jurisdictions with strict privacy standards.
China’s Ministry of Foreign Affairs responded to the allegations, emphasizing that the Chinese government does not and will not require companies to collect or store data illegally. The controversy highlights the growing scrutiny of data handling practices by AI companies and the challenges of balancing innovation with privacy protection.
