Chinese artificial intelligence startup DeepSeek has come under scrutiny for allegedly sharing user data with ByteDance, the parent company of TikTok. This revelation has ignited global debates over data privacy and the security of AI applications.
South Korea’s Investigation
South Korea’s Personal Information Protection Commission (PIPC) has been at the forefront of this issue. The PIPC discovered that the platform’s chatbot transmitted user data to ByteDance without obtaining explicit consent, a violation of South Korea’s data protection laws. An official from the PIPC stated, “We confirmed DeepSeek communicating with ByteDance,” but noted that the extent of the data transfer is still under investigation.
In response to these findings, South Korea has suspended new downloads of the DeepSeek app until the company complies with local privacy regulations. Existing users have been advised to exercise caution and avoid inputting personal information into the chatbot.
Technical Vulnerabilities Uncovered
Further compounding the issue, cybersecurity experts have identified significant vulnerabilities within the DeepSeek iOS application. Research indicates that the app transmits sensitive user data over unencrypted channels to servers controlled by ByteDance. This lack of encryption exposes user data to potential interception and misuse by malicious actors.
Additionally, the app reportedly employs outdated encryption methods, such as Triple DES, and stores sensitive information insecurely. These practices heighten the risk of data breaches and unauthorized access to user information.
Global Repercussions
The implications of DeepSeek’s data sharing practices have resonated worldwide. Several countries, including Australia and Italy, have taken measures to restrict or ban the use of DeepSeek on government devices, citing national security and data privacy concerns. These actions reflect a growing apprehension about the potential risks associated with AI applications developed by companies with ties to jurisdictions that may have different data protection standards.
DeepSeek’s Response
In light of the mounting concerns, DeepSeek has acknowledged certain oversights in adhering to local data protection laws. The company has expressed its commitment to cooperating with regulatory authorities and has appointed a local representative in South Korea to address the issues raised by the PIPC.
The DeepSeek incident underscores the critical importance of robust data protection measures in the rapidly evolving landscape of artificial intelligence. As AI applications become increasingly integrated into daily life, ensuring the privacy and security of user data remains paramount. This case serves as a stark reminder for both developers and regulators to prioritize data protection to maintain public trust in emerging technologies.