Deepseek AI Faces Scrutiny Over User Data Transfer to China,​ US

SEOUL, South Korea –⁣ Deepseek, a⁤ Chinese artificial intelligence​ platform, is under ⁣examination for allegedly transferring South Korean user data ​to⁢ companies in China and the United States without proper consent. The Personal Information ⁣Protection Committee (PIPC) revealed findings from a pre-status inspection on Thursday, April ⁢24, 2025, indicating potential‍ violations of privacy regulations.

Unauthorized Data Transfer ⁢Allegations

The‌ PIPC stated that‌ Deepseek,‌ which launched its domestic service on ⁣Jan. 15, 2025, and temporarily suspended operations amid privacy concerns, moved user‌ data to three Chinese companies and⁣ one U.S.firm before ‌its suspension on Feb. ⁤15. The committee alleges ⁢that ⁢Deepseek failed to obtain explicit consent for these transfers or adequately ‌disclose ‍the practice in its⁤ privacy policy.

Privacy Policy ​Deficiencies

According to the PIPC,‍ Deepseek’s privacy policy, available in both Chinese ⁢and english,⁢ lacked crucial ⁢details mandated‍ by South Korea’s Privacy Act.These omissions included specifics regarding data transfer procedures, methodologies, ‍and safety ​measures.

Data Sent to ‌ByteDance Subsidiary

The investigation further revealed that Deepseek transmitted user-generated prompts ⁤to Volcano, a subsidiary of ByteDance, the⁢ parent company⁤ of TikTok. ⁤In⁤ addition to ​prompt ⁤content, user⁣ device, ⁤network, and app information‍ were also reportedly transferred.

The ‌PIPC clarified that while Volcano is part of the ByteDance group, it operates as a ⁤separate⁢ corporate entity.

Lack of Opt-Out Provision

Like​ other AI platforms, Deepseek utilized user prompts for⁣ AI learning and advancement. however, ‍the initial service lacked⁣ an opt-out function, preventing users from excluding their ‌prompts from this process. Deepseek implemented this feature following intervention by the PIPC.

PIPC ⁤Recommendations

The ‌PIPC⁤ has recommended that deepseek instantly delete all user prompts transferred to Volcano. The committee also urged Deepseek to designate a domestic agent and enhance overall safety‌ measures within its personal information processing system.

if Deepseek accepts these recommendations within 10 days, it will be considered to have received a corrective‌ order under applicable law. The company ⁤would than be required to report its progress⁤ in implementing the ​recommended changes to the ​PIPC within 60 days.

Deepseek’s Response

Deepseek has⁣ submitted a revised Korean-language processing ‌policy to the PIPC, ⁤addressing the omissions ‌identified during the inspection. The company stated that it used Volcano’s cloud service to bolster security and improve user interface (UI)⁣ and user experience (UX). ⁢Deepseek acknowledged‍ that personal information was transferred to ‌Volcano without user consent.

Deepseek AI Data Privacy Concerns: Your⁣ Questions Answered

Are you concerned about the privacy of ⁣your data when using AI platforms? This article ​provides a clear overview of Deepseek AI’s recent data privacy issues, based on findings from the Personal Information Protection Committee (PIPC) in⁤ South Korea. We’ll break down the situation in a question-and-answer ⁢format⁢ offering clarity and ⁢valuable insights.

What is Deepseek AI and why ⁢is⁢ it in the news?

Deepseek is a Chinese artificial‍ intelligence platform ⁢that’s ⁢currently under scrutiny for alleged data privacy⁤ violations. The Personal Information Protection Committee ⁤(PIPC) in South Korea launched an investigation into the company after concerns were raised about how‌ it handled user ⁣data.

What prompted the PIPC​ investigation into Deepseek?

The PIPC’s investigation, initiated as a “pre-status inspection,” was triggered‌ by allegations that Deepseek transferred South Korean user⁢ data to companies located in China and the United States without obtaining proper consent. The ​PIPC’s primary⁤ concern revolves around potential violations of ​South Korea’s ‌privacy regulations.

When did Deepseek launch its domestic service, and what was the timeline of events?

Deepseek launched its domestic service ‍in South Korea on January 15, 2025. However, operations were temporarily‍ suspended on February 15, 2025, due to privacy concerns arising ⁢from the PIPC’s investigation.

What specific data transfers are being investigated?

The PIPC’s investigation revealed that ​Deepseek transferred user data to three Chinese companies and one U.S.-based ⁣firm.Details regarding the specific companies involved haven’t‍ been provided in the article, but ⁤the transfers⁣ raise concerns about unauthorized data sharing.

What type of user data was transferred?

The PIPC found that Deepseek transmitted user-generated prompts, along with other ‌types of personal information. The transferred data also included user device information, network data,⁢ and ‌app information.

Did Deepseek’s privacy policy meet the requirements of South Korea’s Privacy ‌act?

No. The PIPC found that Deepseek’s privacy policy had deficiencies. It lacked crucial details required by South Korea’s Privacy‌ Act. Critically, the⁢ policy‍ failed to specify data transfer⁢ procedures, methodologies, and the security measures in place to ⁢protect the‌ data.

To which company was user data primarily transferred?

Deepseek⁤ transmitted user prompts and associated data to Volcano, a subsidiary ‍of ByteDance, the parent⁤ company of TikTok.

Is Volcano a separate entity from⁢ ByteDance?

Yes. The PIPC clarified that although Volcano is​ part of the ByteDance ​group, it operates ⁣as a separate corporate entity. This distinction⁢ is vital when considering accountability for data handling practices.

Did Deepseek initially offer an opt-out option for data used in AI learning?

No.⁢ Deepseek initially lacked an ‍opt-out function,meaning users weren’t provided with a way to prevent their prompts from being used for AI learning and development. This function⁣ was later implemented following intervention by the PIPC.

What recommendations has ‌the PIPC made to Deepseek?

The PIPC has issued several recommendations:

1. Data deletion: Deepseek must promptly delete all user prompts transferred to volcano.
2. domestic Agent: Deepseek needs ‌to designate a domestic agent within South Korea.
3. Enhanced Security: Deepseek is urged ⁤to enhance overall safety measures within its personal information processing system.

What are the consequences ‌if Deepseek accepts⁤ these recommendations within⁤ 10 days?

If Deepseek accepts the PIPC’s recommendations within 10 days, it will be considered to have received a corrective order ⁣under the applicable law.

What happens after deepseek receives a corrective order?

Deepseek would then be required to report its progress‍ in implementing the recommended changes ​to the PIPC within 60 days.

what has been Deepseek’s response to the PIPC’s findings?

Deepseek⁢ has submitted a revised Korean-language processing ‍policy to the PIPC. The company acknowledged that personal information was transferred​ to Volcano without user consent. Deepseek stated it used Volcano’s cloud ⁢service ⁢to improve security and ‍enhance ‍the user interface (UI) and⁤ user experiance‍ (UX).

Why ⁢is this investigation notable for South Korea and AI users?

This ‍case highlights the evolving‍ challenges of data privacy in the age of AI. It emphasizes the importance of transparency,obtaining explicit consent,and robust ⁣data security measures for AI platforms,particularly those operating across different countries and data transfer protocols.

Summarizing⁢ Key ‌Concerns

Here’s a concise summary of the main issues:

Issue	Details
Unauthorized‌ Data‍ Transfer	Deepseek transferred⁤ user ‍data to Chinese ‍and US⁣ companies without explicit consent.
Privacy ⁤Policy‌ Deficiencies	The privacy policy lacked crucial details required by South Korean law regarding data transfer procedures,⁣ methodologies and safety ⁣measures.
Data Sent to ByteDance Subsidiary	User prompts‍ and related data were transferred to Volcano, a ByteDance subsidiary.
Lack of Opt-Out	Users initially lacked the ability ​to opt-out of their​ prompts being used for AI learning.