DeepSeek App Suspended in South Korea Amid Global Privacy Concerns

SEOUL, February 17, 2025 – South Korea has taken a decisive step in the growing global debate over AI-driven privacy risks by suspending the DeepSeek app from its domestic market. The Personal Information Protection Commission (PIPC), the country’s top data protection authority, announced that the app would no longer be available for download starting February 15, 2025, due to concerns over its handling of personal information. The suspension comes after a thorough review, which identified compliance failures under South Korea’s Personal Information Protection Act (PIPA), a regulatory framework designed to ensure strict safeguards for user data.

Regulators had been monitoring DeepSeek closely since its introduction to the Korean market, and by January 31, they had formally requested clarification on the app’s data collection and processing methods. As the investigation progressed, it became clear that DeepSeek lacked transparency regarding how user data was gathered and stored. Additionally, authorities flagged concerns over the app’s third-party data-sharing policies, which left open the possibility of misuse. Another significant issue was DeepSeek’s failure to conduct pre-launch compliance measures—an essential step required of AI-driven platforms operating in South Korea.

In response to mounting regulatory pressure, DeepSeek agreed to appoint a local representative on February 10, signaling its willingness to cooperate with South Korean authorities. However, as further discrepancies were uncovered, regulators advised the company to temporarily suspend its services while it worked to rectify compliance gaps. DeepSeek complied with the request, and by February 15 at 18:00 KST, the app was officially removed from app stores in South Korea. While there is no set timeline for its reinstatement, the PIPC has made it clear that DeepSeek will not be allowed back on the market until it fully aligns with national privacy laws.

The move in South Korea has had a ripple effect, drawing the attention of regulators in Europe and the United States, who are now also reviewing DeepSeek’s compliance with their own data protection laws. The European Data Protection Board (EDPB) has begun discussions on whether DeepSeek’s operations violate the General Data Protection Regulation (GDPR), which is widely regarded as one of the strictest privacy frameworks in the world. Italian regulators have raised specific concerns about whether user data collected through DeepSeek is being transferred outside the EU, particularly to China, without adequate safeguards. If the investigation determines that GDPR violations have occurred, DeepSeek could face steep financial penalties or even operational restrictions in Europe.

In the United States, lawmakers have taken a different approach, citing national security risks as their primary concern. Some members of Congress have already introduced proposals to ban DeepSeek from government-issued devices, a move that follows similar actions taken against other AI-powered applications. The concern lies in whether the app could be exploited for unauthorized data collection or potential foreign influence. As the U.S. pushes forward with new AI-related security policies, the case of DeepSeek could serve as an example of the government’s evolving stance on AI governance and data privacy.

This heightened scrutiny on DeepSeek is part of a much larger conversation surrounding AI and privacy in the digital age. Other major technology firms, including OpenAI, Microsoft, and Google, have also found themselves under regulatory review in recent months. The debate extends beyond DeepSeek’s specific case, highlighting growing concerns over how AI models collect, store, and utilize personal data. In California, LinkedIn is currently facing a class-action lawsuit alleging that it used private messages to train AI models without user consent, adding to the increasing pressure on tech companies to clarify their data practices.

Governments worldwide are now reconsidering whether current privacy regulations are sufficient to address the risks posed by AI’s rapid development. South Korea’s response to DeepSeek underscores the increasing likelihood that countries will adopt stricter regulatory frameworks to hold AI-driven services accountable. The PIPC has already signaled that it is looking into additional measures to prevent future compliance issues, including requiring AI-based platforms to pass a pre-launch privacy audit before entering the Korean market.

As investigations continue, DeepSeek now faces several possible outcomes. If the company successfully modifies its data processing policies and meets regulatory standards, it may be allowed to re-enter the South Korean market under strict oversight. However, if privacy concerns remain unresolved, the app risks permanent bans in multiple regions, significantly limiting its global reach. The case also raises an important question about the future of AI governance. If DeepSeek’s situation sets a precedent, stricter privacy laws could become the norm, requiring AI developers worldwide to comply with more rigorous legal frameworks before deploying their services.

This moment marks a fundamental shift in how AI technologies are regulated. For years, the industry has enjoyed rapid expansion with minimal interference from governments, but those days appear to be coming to an end. The decision by South Korean regulators sends a clear message to AI developers: compliance with data protection laws is not optional. Companies that fail to meet transparency and security standards risk being shut out of key global markets.

The coming months will be critical not only for DeepSeek but for the entire AI industry. The outcome of this case could influence how nations worldwide approach AI governance, shaping future regulations and compliance expectations for tech firms. As the world moves toward a privacy-first approach to AI, the question remains—will AI companies be able to adapt, or will they find themselves increasingly restricted in the name of user data protection?