Overview

• South Korea's Personal Information Protection Commission (PIPC) concluded that DeepSeek transferred user data, including AI prompts, to companies in China and the U.S. without proper user consent.
• DeepSeek's privacy policy was found to lack key legal elements, such as data destruction procedures and safety measures, and was only available in Chinese and English at launch.
• The PIPC issued a corrective recommendation requiring DeepSeek to delete previously transferred AI prompt data and establish a legal framework for future cross-border data transfers.
• DeepSeek has pledged to cooperate with the recommendations, halted unauthorized data transfers as of April 10, and committed to publishing a compliant Korean-language privacy policy.
• The case highlights global concerns over data privacy and security risks associated with Chinese-developed AI, with similar restrictions imposed by Taiwan, Australia, and the U.S.