South Korea fines Meta €14M for data privacy violations

0
55
South Korea fines Meta €14M for data privacy violations
South Korea fines Meta €14M for data privacy violations

South Korea said that Meta jeopardized the privacy of Facebook users by failing to comply with basic security measures.

On Tuesday, the South Korean supervisory authority fined Meta 21.6 billion won (14 million euros) for illegally collecting sensitive personal information of Facebook users, including data on their political views and sexual orientation, and passing it on to thousands of advertisers.

This is the latest in a series of penalties imposed on Meta by South Korean authorities in recent years as they tighten control over how the company, which also owns Instagram and WhatsApp, handles private information.

After a four-year investigation, South Korea’s Personal Data Protection Commission concluded that from July 2018 to March 2022, Meta illegally collected sensitive information about about 980,000 Facebook users, including their religion, political views, and whether they were in same-sex unions.

The company shared this data with about 4,000 advertisers.

Without special consent

South Korea’s privacy law provides strict protection for information related to personal beliefs, political opinions, and sexual behavior, and prohibits companies from processing or using such data without the express consent of the individual concerned.

The Commission stated that Meta collected sensitive information by analyzing the pages that Facebook users liked or the ads they clicked on.

The company categorized the ads to identify users interested in topics such as specific religions, same-sex and transgender issues, and issues related to North Korean fugitives, said Lee Yong-joon, the commission’s director who led the investigation into Meta.

“Although Meta collected this sensitive information and used it to provide customized services, they only made vague references to such use in their data processing policy and did not obtain specific consent,” Lee Eun-jung said.

Lee also noted that Meta jeopardized the privacy of Facebook users by failing to implement basic security measures such as deleting or blocking inactive pages. As a result, hackers could use inactive pages to spoof personal data and request password changes to other Facebook users’ accounts. According to Lee, Meta approved these requests without proper verification, leading to a data breach that affected at least 10 South Korean Facebook users.

In September, European regulators imposed a fine of more than $100 million (91 million euros) on Meta for a security lapse in 2019 when user passwords were temporarily available in unencrypted form.

Meta’s South Korean office said it would “carefully study” the commission’s decision, but did not provide further comment.

In 2022, the commission fined Google and Meta a total of 100 billion won (66 million euros) for tracking consumers’ online behavior without their consent and using their data for targeted advertising, the largest fine ever imposed in South Korea for violating the privacy law.

The Commission stated that both companies did not clearly inform users and did not obtain their consent to collect data about them as they used other websites or services outside their own platforms. It ordered the companies to provide a “simple and clear” consent process to give people more control over whether to share information about what they do online.

LEAVE A REPLY

Please enter your comment!
Please enter your name here