April 30, 2025 - An artificial intelligence app developed in China is under fire again—this time for privacy violations that have drawn attention not only in South Korea but also in the United States, where lawmakers are investigating the app's conduct under domestic data protection laws.

DeepSeek, a Chinese AI chatbot platform, launched with massive fanfare in early 2025 as a low-cost competitor to industry leaders like ChatGPT. But that excitement quickly turned to alarm after cybersecurity analysts discovered the app was quietly transferring sensitive user data to companies in China and the U.S.—without notifying users or gaining their consent.

In South Korea, the country’s data privacy watchdog, the Personal Information Protection Commission (PIPC), launched a formal investigation and suspended downloads of the app in February. Officials said DeepSeek sent personal data—including device details, network information, and even the content of AI queries—to Chinese tech firms linked to ByteDance, as well as to a U.S.-based company.

Between mid-January and mid-February, the app reportedly gathered information from as many as 1.5 million South Korean users, with no age verification system in place and no option to opt out of data sharing. The PIPC said DeepSeek’s actions violated multiple provisions of South Korea’s Personal Information Protection Act, especially concerning data transfers to foreign entities and protections for minors.

The situation has escalated into a diplomatic flashpoint. China accused South Korea of politicizing AI and claimed its companies respect international privacy standards—despite DeepSeek admitting it violated Korean privacy law. Chinese officials suggested that Seoul was acting under U.S. pressure, pointing to an earlier U.S. House report that flagged DeepSeek for censorship aligned with Chinese Communist Party ideology.

Back in the U.S., members of Congress are now taking a closer look. The House Energy and Commerce Committee is investigating whether DeepSeek’s practices may violate American laws, including the Children’s Online Privacy Protection Act (COPPA) and the California Consumer Privacy Act (CCPA). Both laws impose strict requirements on how companies collect, share, and store personal data—especially when it involves minors or transfers to third parties.

DeepSeek’s apparent failure to obtain informed consent, disclose foreign data recipients, or provide opt-out controls could make it noncompliant under these U.S. laws. In particular, COPPA prohibits collecting personal data from children under 13 without verifiable parental consent, and CCPA requires transparency and control over how personal data is sold or shared.

Though DeepSeek has since updated its privacy policy and resumed downloads in South Korea, the episode has raised global concerns about how AI platforms handle sensitive user information. For American consumers, the case serves as a stark reminder that using low-cost or foreign-built digital tools may come with hidden tradeoffs—especially when privacy protections are weak or unclear.

As lawmakers in Washington continue their investigation, the DeepSeek controversy could become a key example in the push for stronger, national data privacy legislation in the United States.

Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.

Follow ACCESS