South Korea has raised significant concerns regarding the Chinese AI startup DeepSeek, accusing the company of sharing user data with ByteDance, the parent company of TikTok. According to the Personal Information Protection Commission (PIPC) of South Korea, the allegations are based on confirmation that DeepSeek has been communicating directly with ByteDance. This revelation has spurred the South Korean government to take immediate action, which included removing the DeepSeek app from both the Apple and Google app stores over the weekend, primarily due to worries about data protection and user privacy.
DeepSeek has gained international attention this year, particularly in January, when it became a significant player in the AI landscape. The app reportedly wiped billions off global financial markets, raising eyebrows specifically because of claims asserting that its AI model was developed at considerably lower costs compared to its American competitors, such as ChatGPT. Following its rapid rise, DeepSeek found itself at the forefront of app store charts across various countries, including the UK and the US. However, it has since fallen in rankings, now trailing behind ChatGPT in the UK market.
Despite the controversy, DeepSeek received over a million downloads in South Korea alone before its removal from the app stores. Existing users of the app can still access and utilize it through web browsers; nevertheless, the apprehensions surrounding user data privacy remain alarming. In February, a cybersecurity firm in the US indicated that there was potential data sharing occurring between DeepSeek and ByteDance, further escalating fears surrounding data security and privacy among users, both domestically and internationally.
The PIPC informed the Yonhap News Agency that while they have established a communication link between DeepSeek and ByteDance, they have yet to determine the specific data that was shared and the extent of this information transfer. The nature of these ties has reignited discussions among critics who have long claimed that China’s National Intelligence Law permits government access to data generated by Chinese firms. It’s a politically sensitive issue with serious implications for data privacy on a global scale.
ByteDance and its corporate structure matter in this conversation since the company is also backed by various global investors. This complicates the narrative, as some stakeholders point out that the same law that raises privacy concerns allows for corporate protections of resident data. Moreover, ongoing tensions regarding user data security were part of the rationale behind the US Supreme Court’s decision to uphold a ban on TikTok, which remains on hold until April 5 as discussions continue regarding possible resolutions.
Amid these unfolding events, cybersecurity firm Security Scorecard raised additional alarms. In a blog published on February 10, the firm pointed out concerning ties between DeepSeek and ByteDance-owned services. Their analysis indicated multiple direct references to ByteDance infrastructure within the DeepSeek app, suggesting deep integration with the company’s analytics and performance monitoring systems. Security Scorecard expressed concerns that user behavior and device metadata are likely being transmitted to ByteDance, along with identifying the transfer of data to domains associated with Chinese state-owned entities.
In light of these findings, the PIPC reiterated the need for users to be vigilant, advising them to avoid disclosing personal information while using DeepSeek. Additional steps have been taken, as South Korea joins several countries, including Australia and Taiwan, in restricting the use of DeepSeek on government devices to mitigate risks associated with potential data breaches. As scrutiny continues, reports and statements have been solicited from relevant entities, including ByteDance, DeepSeek’s parent company High Flyer, and South Korea’s PIPC, to respond to these serious allegations and concerns. This situation underscores the increasingly heated discussions around data ownership, privacy, and the implications of international relations on technological advancements and user safety.
