Home > Business > Tech

Korea to question DeepSeek regarding data protection, security policies

Published: 02 Feb. 2025, 18:58

SHIN HA-NEE
[email protected]

The logo of DeepSeek is displayed alongside its AI assistant app on a mobile phone. [REUTERS/YONHAP]

Korea’s privacy watchdog has become the latest authority to probe DeepSeek's data protection policies after the Chinese startup's latest ChatGPT competitor shot to the top of the App Store earlier this week.

The Personal Information Protection Commission (PIPC) said on Friday that it would send an official questionnaire to DeepSeek “as soon as possible,” regarding the company’s personal data gathering and management methods.

DeepSeek collects users’ names, dates of birth, email addresses and phone numbers for the purpose of AI training, according to its privacy policy, which are stored “in secure servers” located in China.

DeepSeek also stated that it may collect “text or audio input, prompts, uploaded files, feedback, chat history or other content,” from users, which the company may share with third parties such as enforcement agencies and public authorities if necessary.

Personal Information Protection Commission Chair Ko Hak-soo speaks during a press briefing at the government complex in central Seoul on Jan. 16. [YONHAP]

The PIPC will look into any potential breaches of privacy regulations and request additional clarification regarding the purpose of data collection. The privacy regulator will open an investigation if it identifies any issues in the company’s response.

DeepSeek has been facing mounting questions and security concerns from authorities worldwide following the dramatic debut of its latest low-cost AI model.

Wiz, a New York-based cloud security company, identified a publicly accessible ClickHouse database, “completely open and unauthenticated, exposing sensitive data,” according to its blog post published on Thursday.

“The exposure includes over a million lines of log streams containing chat history, secret keys, back end details and other highly sensitive information,” wrote Gal Nagli, who leads external exposure research at Wiz.

“The Wiz research team immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure.”

Such an exposure poses a critical risk to both DeepSeek and its users, noted Wiz, as attackers could have access to sensitive logs and potentially exfiltrate proprietary information directly from the server.

French authorities, as well as regulators from Italy, Britain, Ireland and Australia, are also questioning DeepSeek regarding potential security risks.

Garante, the Italian Data Protection Authority, launched an investigation into DeepSeek and blocked the app in the country on Thursday.

“The Italian Data Protection Authority has ordered, as a matter of urgency and with immediate effect, the limitation on the processing of Italian users' data against Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, the Chinese companies that provide the DeepSeek chatbot service,” said Garante in a release.

“The limitation order — imposed to protect Italian users’ data — follows the companies’ communication received today, whose content was deemed entirely unsatisfactory,” the agency said, stating that the companies’ claims that they do not operate in Italy and therefore are not subject to European legislation were “contrary to what was found.”

British officials are also looking into the “national security implications” of DeepSeek, Politico reported Friday.

BY MOON HEE-CHUL, SHIN HA-NEE [[email protected]]