The Personal Information Protection Commission (PIPC) of South Korea has accused the Chinese AI company DeepSeek of transferring user data and AI prompts without obtaining proper consent, violating the country’s data privacy regulations. The allegations, announced Thursday, raise concerns about international data transfers involving sensitive personal information.

According to the PIPC, DeepSeek, which launched its app in South Korea in January, transmitted personal data to companies in China and the United States without securing user approval. The data transfers reportedly included AI prompt content entered by users, along with device, network, and app data, which were sent to Beijing-based Volcano Engine Technology Co. Ltd.

The PIPC’s investigation began after it halted new downloads of the DeepSeek app in February. This decision followed the company's admission of failing to comply with certain data protection rules. DeepSeek explained that the data was transferred to Volcano Engine to improve user experience, but the company confirmed that this practice ceased on April 10.

In response to the violations, the PIPC has issued a corrective order requiring DeepSeek to delete any AI prompt content sent to Volcano Engine. Additionally, the company must establish a legal framework to ensure international data transfers comply with South Korea’s privacy laws.

DeepSeek has yet to comment on the allegations. This case underscores the increasing global concerns over data privacy and the transfer of personal information, particularly as AI technologies continue to advance. As regulators tighten oversight of tech companies, this incident could set a key precedent for how similar firms manage data privacy and user consent in the future.