South Korea’s National Intelligence Service has uncovered that DeepSeek AI collects excessive amounts of personal data, including users’ keyboard input patterns, without authorization. The AI platform’s access has been blocked by several of South Korea’s government ministries, such as Finance, Defense, and Environment due to potential privacy violations. DeepSeek’s inability to handle data protection issues has put them under intense scrutiny because they transfer user data to Chinese servers. This data remains open to the Chinese government under their local laws.
The intelligence service also found that DeepSeek gives advertisers complete access to user information. Security concerns have pushed other countries to take protective steps. Australia and Taiwan have already put restrictions on DeepSeek’s operations. These actions show that countries worldwide worry about data protection and national security as AI technology advances.
DeepSeek Violates Privacy Standards
Table of Contents
Toggle“The rapid adoption of AI services without corresponding security is inherently risky.”
Source: Gal Nagli, Security researcher at Wiz
Security researchers at Wiz found a major data breach in DeepSeek’s infrastructure. The exposed ClickHouse database gave unrestricted access to internal operations. Attackers could view chat histories, system details, and operational metadata without any authentication.
Unauthorized Data Access
The security breach revealed critical flaws in DeepSeek’s system architecture. The database contained:
- Chat history and user interactions
- Backend system details
- API secrets and authentication keys
- Operational metadata and log streams
Advertiser Data Sharing Concerns
DeepSeek’s privacy policy shows extensive data collection practices. The platform collects information about users’ devices, keystroke patterns, IP addresses, and activity from other applications. Advertisers can access mobile identifiers, hashed email addresses, and cookie identifiers to track user behavior outside the service.
Cross-Border Data Transfer Issues
DeepSeek’s privacy policy states that all collected information is stored on servers located in the People’s Republic of China. The platform’s web login page has obfuscated computer script that links to China Mobile’s infrastructure. This state-owned telecommunications company cannot operate in the United States. Chinese law requires organizations to help with national intelligence efforts, which raises serious security concerns.
Government agencies have taken swift action. The U.S. Navy banned its personnel from using DeepSeek’s services. The Australian Department of Home Affairs ordered all DeepSeek products removed from government systems.
Also read: The Right Way of Collecting Data for Machine Learning
Government Officials Raise Security Red Flags
The National Intelligence Service (NIS) has issued an official security warning to government agencies. This warning triggered quick responses from South Korean ministries. Several government departments restricted access to DeepSeek’s AI platform.
Ministry Access Restrictions
Military computers with internet access can no longer use DeepSeek, following the Defense Ministry’s directive. The Trade Ministry also imposed temporary PC restrictions after DeepSeek failed to answer questions from the Personal Information Protection Commission.
Plans to block the AI service came from the Finance Ministry. The Environment Ministry also restricted platform access on their internet-connected computers.
South Korea’s state-run Korea Hydro & Nuclear Power blocked all AI services, including DeepSeek. The Foreign Ministry restricted DeepSeek access on computers linked to external networks.
These restrictions mirror global actions:
- Australia banned DeepSeek on all government devices based on security agency advice
- Taiwan restricted access for government departments
- U.S. federal agencies, including NASA and the Navy, limited the app’s use
The unification ministry banned undisclosed official data input into generative AI platforms since 2023, following NIS and interior ministry guidelines. Texas led U.S. states in banning DeepSeek on government devices.
Also read: Hackers Launch RDP Proxy Attacks to Steal Corporate Data
China Defends AI Giant Against Privacy Violations Allegations
The Chinese Foreign Ministry has defended itself against international allegations about DeepSeek’s data collection practices. He highlighted China’s dedication to promoting the inclusive development of artificial intelligence.
“China will firmly safeguard the legitimate rights and interests of Chinese companies.”
Source: Wang Wenbin, Chinese Foreign Ministry
The Chinese government’s key policy positions on AI development and data protection include
- Active promotion of AI transformation and state-of-the-art solutions
- Support for entrepreneurial independence
- Emphasis on AI safety and security
- Dedication to helping developing countries build AI capacity
The ministry’s statements addressed international concerns about DeepSeek’s data handling practices directly. These assurances conflict with the company’s privacy policy, which explicitly confirms data storage on servers in mainland China. The Foreign Ministry asked for stronger exchanges and cooperation in AI development. They advocate for an open, inclusive, mutually beneficial, and win-win development environment.
Also read: Bypassing the Chinese Firewall Without a Proxy: CacheBrowser’s Solution
Data Collection Sparks GDPR Concerns
The Italian data protection authority, Garante, has started a complete investigation of DeepSeek’s data handling practices. The watchdog monitors GDPR compliance and raises serious concerns about risks to millions of Italian citizens’ personal data.
European Privacy Standards
DeepSeek’s privacy policy is under intense scrutiny because the company stores user data on servers in China. The company fails to meet basic GDPR requirements in several ways:
- Users can’t exercise their data rights through a clear process
- International transfers lack sufficient safeguards
- Proper consent mechanisms don’t exist
- No Data Protection Officer has been appointed
- Processing activities aren’t properly recorded
Italian authorities acted decisively by blocking DeepSeek’s operations. French regulators have joined the investigation, and CNIL now asks about privacy violations that could lead to fines up to 4% of global turnover.
Belgian consumer protection groups have filed formal complaints about illegal data transfers. Ireland’s Data Protection Commission asks for answers about Irish citizens’ data processing, which shows growing concerns in the European Union. These investigations show how worried regulators are about AI technologies meeting strict European privacy standards, especially when data moves to countries outside the European Economic Area.
Also read: How to Prepare Effective LLM Training Data
Conclusion
The primary concern is that DeepSeek stores all collected user information on servers located in China, where it may be accessible to the Chinese government under local laws. This raises significant data security and privacy issues for users worldwide.
DeepSeek AI’s data collection practices fall short of GDPR requirements. The platform lacks clear processes for users to exercise data rights, proper consent mechanisms, and adequate safeguards for international data transfers, prompting investigations by European data protection authorities.
Italy’s data protection authority has launched an investigation and ordered an immediate block on DeepSeek’s operations. France’s CNIL has also announced its own inquiry, while Belgian consumer protection advocates have filed formal complaints about illegal data transfers. These actions reflect growing concerns about AI technologies’ compliance with European privacy standards.
How useful was this post?
Click on a star to rate it!
Average rating 0 / 5. Vote count: 0
No votes so far! Be the first to rate this post.
Tell Us More!
Let us improve this post!
Tell us how we can improve this post?