South Korea imposed a massive fine of 21.62 billion won or around $15.67 million USD on Meta Platforms, the owner of Facebook, for collecting the sensitive data of millions of South Korean users and sharing them with other parties without explicit permission.
The blow came huge as the Personal Information Protection Commission (PIPC), the data protection agency of the country declared the decision.
Meta Allegedly Breached User Privacy
According to the PIPC, Meta collected information about around 980,000 Facebook users in South Korea. The information collected was beyond just standard data and included some sensitive personal details such as the political and religious beliefs of its users, and sexual orientation among others.
However, the company did not seek explicit consent while collecting this information. A move against South Korea's strict data privacy laws.
The data was then passed on to about 4,000 advertisers, who then used it to customize ads for these users, raising even more concerns over the possible misuse of highly personal information. This is an eye-opener for other nations concerned about user data—and how tech giants collect and monetize them.
Read More: Meta Bans Russia State Media Amid Growing Concerns Over Propaganda: Here's How Kremlin Responds
Data Categorization and Privacy Violations
The investigation found that Meta categorized users based on specific personal details, such as their religious beliefs, political leanings, and even sensitive identities like being North Korean defectors or identifying as transgender. Such detailed user categorization can significantly impact user privacy, especially when the individuals have not given informed consent.
In response to the findings, Meta's Korea division has chosen not to comment on the matter. However, this fine highlights the importance of transparency and user control over personal data—a critical focus for South Korea's data protection laws.
Denial of User Access to Personal Information
The PIPC also noted that Meta failed to honor users' requests to access their own personal information stored on the platform. In South Korea, users have the right to view, access, and control their data on digital platforms.
However, the agency reported that Meta declined requests from users to review their own information, thereby violating South Korea's Personal Information Protection Act.
Furthermore, the agency stated that Meta had failed to protect data from hackers, with information on around 10 South Korean users reportedly leaked during a cyberattack. This lack of security measures has led to concerns about Meta's handling of user data on a global scale.
The fine from South Korea marks the latest in a series of challenges Meta has faced globally concerning its data privacy practices. The company has been under scrutiny in several countries for how it handles user data, with regulators in Europe and the United States also pushing for stricter oversight and larger penalties for privacy violations.
With this recent fine, South Korea's PIPC has sent a strong message to Meta and other tech giants, emphasizing the need to adhere to stringent data protection standards.
"While Meta collected this sensitive information and used it for individualized services, they made only vague mentions of this use in their data policy and did not obtain specific consent," Lee Eun Jung, a director at the commission who led the investigation on Meta, told The Associated Press.
The Importance of Compliance with Privacy Laws
With this latest fine, Meta should take note that bypassing other country's policies comes at a price. The company should take proactive measures to ensure compliance the next time it collects users' data.
South Korea knows that tech giants will take advantage of this—and they will ditch the need for transparency and respect for user content when handling sensitive information.
In light of this fine, Meta may face further scrutiny in other markets, potentially leading to more stringent policies and internal reforms to align with privacy expectations worldwide.
Back in July, Brazil banned Meta from gathering user data for AI training.