South Korea's data protection authority has concluded that DeepSeek, a Chinese artificial intelligence startup, collected personal information from local users and transferred it overseas without their consent.
The Personal Information Protection Commission issued written findings on Thursday in connection with a privacy and security review of DeepSeek.
It follows DeepSeek's removal of its chatbot application from South Korean app stores in February, as recommended by PICP. The agency stated that DeepSeek had agreed to cooperate on its concerns.
During DeepSeek's presence in South Korea, the company transferred user data to several firms in China and the United States without obtaining user consent or disclosing the practice, the PIPC said.
The agency cited one instance in which DeepSeek transferred data from user-written AI prompts, as well as device, network, and app information, to a Chinese cloud service platform called Beijing Volcano Engine Technology Co.
While the PIPC identified Beijing Volcano Engine Technology Co. as "an affiliate" of TikTok-owner ByteDance, the information privacy watchdog stated in a statement that the cloud platform "is a separate legal entity and has no relation to ByteDance," according to a Google translation.
According to PIPC, DeepSeek used Beijing Volcano Engine Technology's services to improve the security and user experience of its app, but then blocked the transfer of AI prompt information beginning April 10.
DeepSeek and ByteDance did not immediately respond to CNBC's inquiries.
The Hangzhou-based AI startup took the world by storm in January when it unveiled its R1 reasoning model, which outperformed Western competitors despite the company's claims that it was trained at a low cost and on less advanced hardware.
However, the app's growing popularity sparked national security and data concerns outside China, owing to Beijing's requirement that domestic firms share data with the PRC. Cybersecurity experts have also pointed out data vulnerabilities in the app and expressed concerns about the company's privacy policies.
PIPC announced on Thursday that it had issued a corrective recommendation to DeepSeek, including requests to immediately destroy AI prompt information transferred to the Chinese company in question and to establish legal protocols for transferring personal information overseas.
When the data protection authority announced DeepSeek's removal from local app stores, it indicated that the app would be made available again once the company implemented the necessary updates to comply with local data protection policies.
That investigation came after reports that some South Korean government agencies had prohibited employees from using DeepSeek on work devices. Similar bans have reportedly been implemented by other governments around the world, including Taiwan, Australia, and the United States.
We use cookies to ensure you get the best experience on our website. Read more...