South Korea’s Personal Information Protection Commission (PIPC) has levied a significant fine of 21.62 billion won ($15.67 million) against Meta for violating the country’s data privacy laws. The fine comes after an investigation revealed that Meta collected sensitive personal information from approximately 980,000 Facebook users without their consent. This data included details such as religious affiliations, political views, and sexual orientation, which Meta then shared with 4,000 advertisers. The PIPC accused Meta of illegally processing and utilizing this sensitive information to create targeted advertising topics, thus violating South Korea’s stringent data protection laws.
The data collected by Meta included information about users’ political preferences, religious beliefs, and even their sexual orientation, which were used to build profiles for advertisers. The company also categorized users based on behaviors such as the pages they liked and the ads they clicked on. The commission found that users were unknowingly categorized into sensitive groups, such as being a member of a specific religion, identifying as gay or transgender, or even being a defector from North Korea. These actions, according to the PIPC, were carried out without obtaining prior consent from users, making the practice illegal.
In addition to these violations, the PIPC also raised concerns about Meta’s failure to adequately protect users’ accounts. The regulator highlighted that Meta did not implement proper security measures for inactive accounts, allowing malicious actors to exploit weaknesses. Specifically, attackers were able to submit fake identification information and request password resets for inactive accounts. Meta reportedly approved these requests without sufficient verification, leading to the exposure of personal data belonging to at least 10 South Korean users.
Meta has expressed its intention to review the PIPC’s decision carefully. The company’s statement emphasized that it is committed to complying with local privacy laws, but it has not yet indicated whether it will appeal the fine. As the PIPC stated, it will continue to monitor Meta’s compliance with the corrective actions and ensure that global companies respect South Korean citizens’ privacy rights. This case serves as a reminder of the increasing scrutiny that large tech companies face regarding data privacy, particularly in regions with robust privacy regulations.
Reference: