Allegations Surface That DeepSeek AI Service Transmitted User Data from South Korea to China and the US, According to Watchdog
Concerns Over Data Privacy: South Korea Accuses DeepSeek
Allegations Against DeepSeek
On Thursday, South Korea’s Personal Information Protection Commission (PIPC) raised serious allegations against the Chinese AI service, DeepSeek. The commission claims that DeepSeek unlawfully transferred personal information of South Korean users to multiple companies in China and the United States without consent.
Details of the Allegations
Unauthorized Data Transfers: Prior to ceasing its operations in South Korea on February 15, DeepSeek reportedly transmitted user data to three companies based in China and one in the U.S. Seoul-based news agency Yonhap News has extensively reported on these findings.
Prompt Data Sharing: The PIPC discovered that the interactions users had with DeepSeek—specifically the content entered into its prompts—were shared with a Chinese firm.
- Lack of Transparency: DeepSeek’s privacy policy, which was available in both Chinese and English, has been criticized for not clearly outlining how user data would be destroyed or highlighting adequate safety measures.
Response from DeepSeek
In its communication with the PIPC, DeepSeek acknowledged transferring user information to a company known as Volcano. The company explained that it relied on Volcano’s cloud services to enhance its security and improve user experience. However, it admitted that this action was taken without the consent of the users.
Temporarily Halted Operations
As a result of increasing scrutiny over its data handling practices, DeepSeek has temporarily suspended its services in South Korea. The firm stated that it ceased any new data transfers as of April 10, following the PIPC’s comments that these transfers were unnecessary.
China’s Position on Data Security
In response to the allegations, the Chinese Foreign Ministry asserted that China takes data privacy and security very seriously. Guo Jiakun, a spokesperson for the Ministry, emphasized that the Chinese government does not require companies or individuals to acquire data through illegal means. He criticized what he termed the "overstretched" interpretations of national security and cautioned against the political manipulation of economic, trade, and technological matters. He further stated that China "will resolutely protect the legitimate rights and interests" of its enterprises.
The Importance of Data Privacy
The situation with DeepSeek underscores the broader issue of data privacy that has become increasingly relevant in our interconnected world. Companies, especially those handling sensitive user information, must adopt stringent practices to protect user data and comply with local regulations. Here are some important points regarding data privacy for users and companies alike:
- User Consent: Companies should always seek explicit consent from users before collecting or sharing their data.
- Clear Communication: Privacy policies should be transparent, outlining how user data is collected, used, and stored.
- Data Protection Measures: Organizations must implement strong security measures to safeguard user information from unauthorized access and breaches.
- Legal Compliance: It is critical that companies adhere to local and international data protection laws to maintain user trust and avoid penalties.
As the debate over data privacy continues, the allegations against DeepSeek highlight the need for increased vigilance regarding how AI companies handle personal information. The case illustrates the challenges faced by international firms operating in diverse regulatory environments, making data privacy a vital area of focus for all stakeholders involved.
