South Korea Flags Data Breach by China’s DeepSeek AI Amid Privacy Concerns

China’s DeepSeek AI Under Fire for Data Privacy Breach in South Korea

In a world increasingly shaped by artificial intelligence, questions of data security and user privacy remain at the forefront of global debate. This week, those questions landed squarely on the desk of DeepSeek, a Chinese AI startup accused by South Korean regulators of transferring user information and sensitive AI prompt content without permission.

Unauthorized Data Transfers Spark Alarm

The Personal Information Protection Commission (PIPC), South Korea’s primary data privacy watchdog, announced on Thursday that Hangzhou DeepSeek Artificial Intelligence Co., Ltd. had failed to obtain proper user consent before transmitting personal data to several third-party companies in China and the United States. The alleged violations occurred when the DeepSeek app was still accessible for download in South Korea’s app marketplace earlier this year.

While DeepSeek has yet to state the matter, the South Korean authority did not mince words. According to the PIPC, the company not only mishandled user data but also transferred the content of AI prompts — essentially, the text inputs provided by users — to Beijing Volcano Engine Technology Co. Ltd., a move flagged as especially troubling. Alongside these inputs, device, network, and application data were reportedly shared without adequate notice or approval from users.

Regulatory Action and Suspension of Service

The case dates back to January, when DeepSeek first launched its AI-powered service in South Korea. However, by February, alarm bells had already begun to ring. South Korea’s data agency quickly suspended new downloads of the DeepSeek app, citing the company’s admission that it had overlooked compliance with some of the country’s strict personal data protection regulations.

In its latest statement, the PIPC disclosed that DeepSeek later informed the agency that the data transfers were meant to "improve user experience." Yet, the company admitted it had since blocked the transfer of AI prompt content as of April 10 — a move regulators say does not absolve the previous violations.

South Korea has now issued a corrective recommendation requiring DeepSeek to immediately delete any AI prompt data previously sent to Volcano Engine. Moreover, the company has been instructed to establish a lawful framework if it intends to transfer user data abroad in the future.

China Denies Involvement, Defends Corporate Practices

Reacting to the South Korean commission’s announcement, China's Foreign Ministry was quick to distance itself from the controversy. In a statement Thursday, ministry officials stressed that the Chinese government "has not and will never ask companies to collect and store data illegally."

This assertion mirrors Beijing’s broader attempts to assure global markets that Chinese firms operate independently of government surveillance — a claim that continues to face skepticism, especially amid rising tensions over tech policy and cybersecurity between China and Western nations.

AI Privacy at a Crossroads

The DeepSeek episode is not just a localized dispute between South Korea and a Chinese startup. It is emblematic of the broader challenges posed by AI technologies that rely on vast amounts of user data to function effectively. From training large language models to enhancing prompt accuracy, these systems often operate in legal gray zones when it comes to data consent and cross-border information flows.

The incident also underscores the growing assertiveness of regulatory bodies worldwide in holding AI companies accountable, regardless of their country of origin. As South Korea moves to tighten its grip on personal data protection, the case could serve as a precedent for how similar violations might be addressed globally.

While DeepSeek remains silent on the allegations, the company’s next steps, particularly how it responds to South Korea’s recommendations, will likely be scrutinized by regulators and privacy advocates across the AI landscape.