DeepSeek, a Chinese AI company, has been accused of sharing customer data with TikTok’s Chinese owner.
“We confirmed DeepSeek communicating with ByteDance,” the South Korean data protection regulator told Yonhap News Agency.
The country had already removed DeepSeek from app stores over the weekend over data protection concerns.
The Chinese app caused shockwaves in the AI world in January, wiping billions off global stock markets over claims its new model was trained at a much lower cost than US rivals such as ChatGPT.
Since then, multiple countries have warned that user data may not be properly protected, and in February a US cybersecurity company alleged potential data sharing between DeepSeek and ByteDance.
DeepSeek’s visible overnight success led to its ascendancy in the UK, US, and many other countries around the world, but it now ranks far below ChatGPT in the UK positions.
It had been downloaded more than a million days in South Korea before being pulled from Apple and Google’s App Stores on Saturday night.
Existing users can still use the software through a web browser and entry it.
The Personal Information Protection Commission, a body overseeing information transfers, stated to South Korean newspaper Yonhap News Agency that it was still” confirming what information was transferred and how much” despite the existence of a connection between DeepSeek and ByteDance.
Critics of the Chinese state have long argued its National Intelligence Law allows the government to access any data it wants from Chinese companies.
However, ByteDance, headquartered in Beijing, is owned by a number of global investors – and others say the same law allows for the protection of private companies and personal data.
One of the arguments that the US Supreme Court upheld was that ByteDance’s subsidiary, TikTok, was concerned about customer information being sent to China.
The US ban is on hold until 5 April as President Donald Trump attempts to broker a resolution.
Cybersecurity company Security Scorecard published a blog on DeepSeek on 10 February which suggested “multiple direct references to ByteDance-owned” services.
” These recommendations suggest strong integration with ByteDance’s analysis and performance tracking infrastructure”, it said in its assessment of DeepSeek’s Android software.
Security Scorecard expressed concern that along with privacy risks, DeepSeek “user behaviour and device metadata]are ] likely sent to ByteDance servers”.
Additionally, it discovered that information was “being transmitted to regions connected to Chinese state-owned companies.”
On Monday, South Korea’s PIPC said it “found out traffic generated by third-party data transfers and insufficient transparency in DeepSeek’s privacy policy”.
It acknowledged that DeepSeek had broken North Korean privacy regulations and that it was cooperating with the controller.
However, the regulation advised users to “exercise caution and avoiding personal info entering into the chatbot.”
South Korea has previously acted to outlaw DeepSeek from government products, joining Australia and Taiwan in this regard.
The BBC has contacted the PIPC, ByteDance and DeepSeek’s family business, High Flyer, for a reply.