South Korea’s data privacy watchdog agency, the Personal Information Protection Commission (PIPC), said on Thursday that China’s DeepSeek artificial intelligence (AI) transferred user data to companies in China and the United States without obtaining proper consent.
DeepSeek is an AI platform whose debut in early 2025 rocked the tech world because it was developed at a fraction of the cost of competing products such as ChatGPT. DeepSeek was briefly one of the most downloaded apps in the world — before cybersecurity analysts pointed out it was a nightmare mix of user privacy violations and Chinese Communist Party censorship.
DeepSeek was only available for about a month in South Korea before the government banned it over privacy concerns. The PIPC quickly determined that the program was feeding user data to ByteDance, the controversial Chinese tech giant that created another infamously intrusive online product, TikTok.
PIPC in February asked the DeepSeek startup company to suspend further downloads of its product in South Korea pending the results of a full investigation and the Chinese company complied. The app was not technically banned, but South Korean users could no longer download it.
“The commission is in the stage of investigation whether DeepSeek poses any harm. A full-scale ban could be controversial before its liability is officially determined,” PIPC explained in February.
The Chinese government was enraged by South Korea’s action, accusing Seoul of “politicizing” AI technology and insisting that Chinese companies always honor foreign privacy rights and regulations — even though DeepSeek admitted it violated South Korea’s data privacy rules.
Chinese officials insinuated that South Korea was acting at the behest of the United States, as the U.S. House Select Committee on the Chinese Communist Party released a report in late January that found DeepSeek’s responses to user queries were heavily edited to conform to Chinese Communist ideology. DeepSeek is currently under investigation by the House Energy and Commerce Committee for data privacy issues and possible ties to the Chinese government.
South Korea’s investigation found that DeepSeek transferred data from up to 1.5 million users to three companies in China and one in the United States between January 15 and February 15, when downloads were suspended.
According to investigators, DeepSeek sent information about South Korean computers, networks, and software applications overseas, in addition to the content of the questions they asked the artificial intelligence.
PIPC said DeepSeek did not obtain user consent for these data transfers, or warn users about them in its privacy statement, and it did not employ age verification to ensure it was not taking data from children under 14 years of age. DeepSeek also failed to give users an “opt-out” to prevent their questions from being used in China’s artificial intelligence development.
PIPC gave DeepSeek ten days to accept recommendations that would bring it into compliance with South Korean data privacy laws, and another 60 days to implement them. The company claimed it has already addressed some of the issues. PIPC did not offer a timetable for when DeepSeek might be able to resume operations in South Korea.
