South Korea’s data protection authority has found that DeepSeek, a Chinese artificial intelligence app, was transferring users’ personal data to a cloud platform in China—without their permission.
The PIPC revealed that DeepSeek was sending device, network, and user input data without consent. This data went to Volcano Engine, a Beijing-based cloud service. This was happening while the app was still available for download in South Korea.
What DeepSeek Did Wrong
According to PIPC official Nam Seok, DeepSeek transferred user data to servers in China. It also sent data to servers in the U.S. However, the app did not get proper user consent and did not mention this data transfer in its privacy policy at the time of launch. Nam Seok told reporters,
“Initially, DeepSeek transferred personal data to companies located in China and the United States without obtaining users’ consent or disclosing this in the privacy policy at the time the service was launched. In particular, it was confirmed that DeepSeek transferred not only device, network, and app information, but also user inputs in AI prompts to Volcano Engine.”
South Korea Responds
The PIPC launched an investigation in February 2025. It suspended the app in South Korea until DeepSeek reviews its data practices. Following the investigation, they acknowledged that it had not fully considered South Korea’s data protection laws. According to Nam:
“DeepSeek acknowledged it had insufficiently considered Korea’s data protection laws, expressed its willingness to cooperate with the commission, and voluntarily suspended new downloads from domestic app markets.”
Global Concerns Around DeepSeek
DeepSeek’s AI chatbot R1 gained global attention in January 2025 for offering AI capabilities comparable to Western competitors but at a much lower cost. The app was downloaded tens of millions of times within just weeks after launch. However, concerns over user data privacy have surfaced in many countries. Besides South Korea, Italy, Australia, and several U.S. states have raised red flags or imposed restrictions on the app.
What Is Volcano Engine?
Volcano Engine is a Beijing-based cloud service platform owned by ByteDance, the parent company of TikTok. When asked about why user data was sent to Volcano Engine, DeepSeek responded (via Nam Seok):
“It was sent for the purpose of addressing security vulnerabilities and improving user interface and experience.”
DeepSeek’s Response So Far
DeepSeek has not issued a detailed public statement yet. In previous messages, the company claimed that user data was being stored on secure servers located in China.
The app’s rapid rise and the ongoing investigation highlight growing global tensions around data privacy and AI technologies, especially when it involves cross-border data transfers.
Also Read: DeepSeek AI Raises Alarms Over National Security Risks, Says US House Panel
