DeepSeek has again found itself in difficult waters as South Korea has formally suspended any new downloads of this Chinese artificial intelligence (AI) chatbot in the country, stating that the suspension will remain in place until necessary changes are made to the mobile app that complies with the country’s data protection regulations. This development follows a recent statement from South Korea’s National Intelligence Service (NIS), which criticized the service for “excessively” collecting personal data and using it to train its AI system.
The Personal Information Protection Commission (PIPC) confirmed that downloads have been paused as of February 15, 2025. However, users can still access the service over the web. PIPC said it has “identified some shortcomings in communication functions and personal information processing policies with third-party service providers” during their analysis of DeepSeek.
According to PIPC, DeepSeek has reportedly appointed a local representative. The company also admitted to having overlooked domestic privacy laws when launching the service in the country. The services will be resumed once the required improvements are made to comply with the Personal Information Protection Act.
Although no new downloads are allowed, the agency has advised the existing users to use the app cautiously and not provide their personal information in the app’s prompt until a final decision is put in place.
PIPC also plans to prevent the occurrence of similar issues in the future by strengthening compliance measures and enhancing guidance.
Along with the questions related to excessive data collection and sending network traffic to China, a number of other vulnerabilities were also identified in DeepSeek’s Android and iOS apps, adding to its list of problems. The app, apart from storing user credentials insecurely
allows unencrypted transmission of particular data to its servers, uses insecure Triple DES encryption compromising confidentiality, uses hardcoded encryption keys, and reuses initialization vectors.
Beijing, in its defence, has stated that it permits global internet companies to operate in the country, provided they comply with local laws and regulations. It has also emphasized that it would never require any company or individual to collect or store data in violation of the law.
