South Korea’s data protection watchdog has accused Chinese AI startup DeepSeek of illegally transferring user data and AI prompt content without obtaining proper consent, in violation of the country’s privacy regulations.

The Personal Information Protection Commission (PIPC) issued a statement on Thursday alleging that Hangzhou DeepSeek Artificial Intelligence Co. Ltd. failed to secure user permission before transmitting personal information to companies based in China and the United States. The violations reportedly occurred during the company’s launch in the South Korean market in January, when its app was briefly available for download.

In February, South Korean authorities suspended further downloads of the DeepSeek app after the company acknowledged it had failed to comply with some of the agency’s data protection guidelines. A follow-up investigation revealed that DeepSeek had transmitted not only user data, but also AI prompt inputs—along with device, network, and app-related information—to Beijing Volcano Engine Technology Co. Ltd.

According to DeepSeek, the data transfer to Volcano Engine was intended to “enhance user experience.” The company later confirmed that the transfer of AI prompt content ceased on April 10.

As part of its enforcement action, the PIPC issued a corrective order requiring DeepSeek to delete all previously transferred AI prompt content and to implement a legal mechanism for any future international data transfers.

DeepSeek has yet to publicly respond to the accusations.

The case underscores growing global concerns over data privacy and the cross-border movement of sensitive information—particularly as artificial intelligence technologies become increasingly integrated into consumer-facing applications.