South Korea’s personal data watchdog has accused a Chinese artificial intelligence firm, DeepSeek, of secretly exporting user data overseas without proper approval. The Personal Information Protection Commission (PIPC) revealed on Thursday that the company violated privacy laws when its app was made available in the country earlier this year.

According to officials, DeepSeek — operated by Hangzhou DeepSeek Artificial Intelligence Co. Ltd.—failed to secure user consent before transmitting personal details and AI prompt content to various entities in China and the United States. This breach reportedly occurred when the service launched in South Korea’s app market in January.

AI Input, Device Details Sent to Chinese Tech Firm

Regulators disclosed that DeepSeek relayed users’ AI-generated inputs, as well as data about their devices, networks, and app behavior, to a Chinese company named Beijing Volcano Engine Technology Co. Ltd. The company claimed it transferred this information to enhance the app’s performance and user experience.

However, following regulatory pressure, DeepSeek said it discontinued the transmission of AI prompt content to Volcano Engine on April 10.

South Korea Orders Company to Erase Data

In response to the findings, South Korea’s privacy authority has demanded that DeepSeek immediately erase all AI prompt data sent to Volcano Engine and comply with legal requirements for international data transfers going forward. Authorities stressed that no personal information should cross borders without explicit user permission and a legal basis for doing so.

The commission had already halted downloads of the DeepSeek app within the country in February, after discovering that the company failed to align with local data protection standards.

DeepSeek Remains Unresponsive

As of Thursday, DeepSeek had not issued any public response regarding the investigation or the mandated corrective steps. The company has also remained silent in the face of media inquiries.

China Defends Itself Against Allegations

Commenting on the case, China’s Foreign Ministry said that the Chinese government neither directs nor allows companies to engage in unlawful data collection or sharing. A ministry representative emphasized that China maintains a strict stance on data security and regulatory compliance.

Wider Concerns Over Foreign Tech Companies

This controversy adds to growing global skepticism surrounding foreign AI apps and digital platforms, particularly those based in China. Governments worldwide have become increasingly vigilant about how these services manage sensitive information, fearing that unauthorized data sharing could compromise user privacy or national security.

South Korea, which enforces some of the most comprehensive privacy laws in Asia, has taken a zero-tolerance approach to companies that mishandle personal data. The case involving DeepSeek underscores the country’s commitment to enforcing these rules, regardless of a firm’s origin.

Future Uncertain for DeepSeek in South Korea

It remains unclear whether DeepSeek will comply with the commission’s directives or face further penalties, including a possible permanent ban from the South Korean market. The outcome may hinge on how quickly and transparently the company addresses the violations.

This case serves as a cautionary tale to global AI developers: to operate in data-conscious markets like South Korea, full transparency and legal adherence are non-negotiable.