Introduction

South Korea has raised serious concerns over the Chinese AI company DeepSeek, accusing it of transferring sensitive user information without proper consent. The Personal Information Protection Commission (PIPC) and the National Intelligence Service (NIS) found DeepSeek’s practices to be in violation of national privacy regulations. In this blog, we explore the top five privacy issues surrounding DeepSeek that users need to know.

1. Unauthorized Data Transfers to ByteDance Affiliates

According to official investigations, DeepSeek transferred personal information and user-generated AI prompts to Beijing Volcano Engine Technology Co. Ltd. and ByteDance — all without obtaining the necessary user consent. This triggered significant alarm in South Korea given ByteDance’s compliance obligations under Chinese law.

2. Collection of Sensitive Personal Data

South Korea’s NIS revealed that DeepSeek collected extensive personal information, including chat histories, device identifiers, keyboard input patterns, and app usage data. Such data could potentially identify users, raising major red flags about invasive surveillance risks.

3. Storage of South Korean User Data on Chinese Servers

It was found that South Korean user data was stored on servers located in China, making it susceptible to access under China’s cybersecurity laws. This lack of localized data storage violates South Korea’s standards for safeguarding personal data within its jurisdiction.

4. App Suspension in South Korea

As a result of these findings, South Korea suspended the DeepSeek app from being downloaded in February 2025. Authorities demanded that DeepSeek delete all previously transferred user-generated content and establish a legal basis for future data transfers.

5. DeepSeek’s Compliance Efforts and Future Outlook

Following regulatory pressure, DeepSeek has admitted to shortcomings in handling user data and appointed a local representative to ensure compliance with South Korean law. The company officially ceased transferring AI prompt data as of April 10, 2025, and pledged to reform its data management practices.

Conclusion

The DeepSeek incident highlights the growing importance of stringent data protection laws in an increasingly AI-driven world. Users must be vigilant about how apps handle their data, especially when it crosses international borders. South Korea’s decisive action serves as a reminder for tech companies: privacy is not optional. Stay tuned for more updates on AI regulations and user data rights.

Related Reading: South Korea’s New AI Data Protection Guidelines