SEOUL, April 24 (Reuters) - South Korea's data protection authority announced on Thursday that Chinese artificial intelligence startup DeepSeek transferred user information and prompts without permission. This revelation has raised significant concerns about data privacy and security in the digital age.
According to the Personal Information Protection Commission (PIPC), Hangzhou DeepSeek Artificial Intelligence Co Ltd did not obtain user consent while transferring personal information to various companies in China and the United States during its South Korean launch in January 2025. This lack of consent has resulted in serious repercussions for the company, as South Korea's data agency suspended new downloads of the DeepSeek app in February 2025 after the company acknowledged failing to comply with local regulations regarding personal data protection.
On April 24, the PIPC detailed that DeepSeek also sent content in AI prompts entered by users to Beijing Volcano Engine Technology Co. Ltd., along with device, network, and app information. This action was reportedly taken to enhance user experience, but it has drawn ire from regulators.
DeepSeek later informed the agency that it had blocked the transfer of AI prompt content starting April 10, 2025. The PIPC has since recommended that DeepSeek immediately remove any AI prompt content that had been transferred to Volcano Engine and establish a legal framework for transferring personal information abroad.
In a statement regarding the situation, China's Foreign Ministry responded by asserting that the Chinese government has not and will not ask companies to collect and store data illegally. This statement aims to address the growing concerns over data privacy and security that have emerged in the wake of DeepSeek's actions.
Meanwhile, the implications of this incident extend beyond South Korea. DeepSeek has faced bans in the United States, Taiwan, and Australia over similar data security concerns, highlighting a broader pattern of scrutiny facing Chinese tech firms in international markets.
In a related development, British meal delivery company Deliveroo disclosed on Friday that it received a proposal from U.S. peer DoorDash on April 5 to acquire all of its shares for £2.7 billion ($3.60 billion). This acquisition proposal comes as the meal delivery market continues to evolve, with companies vying for dominance amid changing consumer preferences and competitive pressures.
The situation surrounding DeepSeek is emblematic of the challenges that many tech companies face in navigating complex regulatory environments, especially when it comes to data privacy. As technology continues to advance, the need for robust data protection measures becomes increasingly critical.
As the PIPC moves forward with its recommendations, the future of DeepSeek in South Korea remains uncertain. The company will need to demonstrate compliance with local regulations and establish trust with users to regain access to the app market.
In conclusion, the ongoing scrutiny of DeepSeek serves as a reminder of the importance of user consent and data protection in the digital age. As companies like DeepSeek navigate these challenges, the implications for users and regulators alike will continue to unfold.
