South Korea imposed a $15 million fine on Meta, Facebook’s parent company, for the unauthorised collection and sharing of sensitive user data, such as political affiliation and sexual orientation.
On Tuesday, South Korea’s privacy watchdog fined social media giant Meta 21.6 billion won ($15 million) for unlawfully collecting sensitive personal data from Facebook users, including information on their political views and sexual orientation, and sharing it with thousands of advertisers.
This is the most recent penalty imposed on Meta by South Korean authorities, who have intensified their oversight of the company’s practices for protecting private information.
Following a four-year inquiry, the Personal Information Protection Commission of South Korea concluded that Meta had unlawfully gathered sensitive personal information, such as religious affiliation, political opinions, and same-sex partnership status, from approximately 980,000 Facebook users between July 2018 and March 2022.
The company leaked the data to approximately 4,000 advertisers.
South Korea’s privacy law imposes strict limits on the handling of sensitive personal information, including religious beliefs, political views, and sexual orientation, requiring explicit consent before any processing or use.
The commission indicated that Meta accumulated sensitive information by scrutinising the pages that Facebook users favoured and the advertisements they engaged with.
Meta classified advertisements to identify users interested in particular themes, such as specific religions, same-sex and transgender matters, and issues related to North Korean escapees, said Lee Eun Jung, a director at the commission who spearheaded the investigation into Meta.
“While Meta gathered this sensitive information and employed it for individualised services, they provided only ambiguous references to this utilisation in their data policy and did not secure specific consent,” Lee stated.
Lee further asserted that Meta compromised the privacy of Facebook users by neglecting to implement fundamental security measures, such as the removal or blocking of inactive pages. Consequently, hackers could utilise inactive pages to fabricate identities and solicit password resets for the accounts of other Facebook users. Meta authorised these requests without adequate verification, resulting in data breaches impacting at least 10 South Korean Facebook users.
In September, European regulators imposed fines exceeding $100 million on Meta for a 2019 security lapse that resulted in the temporary exposure of user passwords in an unencrypted format.
Meta’s South Korean office offered a noncommittal response to the commission’s decision, promising to “carefully review” it without providing further details.
In 2022, the commission imposed fines totalling 100 billion won ($72 million) on Google and Meta for monitoring consumers’ online behaviour without authorisation and utilising their data for targeted advertisements, constituting the most substantial penalties ever levied in South Korea for breaches of privacy law.
The commission stated that the two companies had not explicitly informed users or secured their consent to collect data about them while they were utilising other websites or services beyond their platforms. The commission directed the companies to establish an “easy and clear” consent process to empower individuals with greater control over the sharing of information concerning their online activities.
In 2020, the commission imposed a fine of 6.7 billion won ($4.8 million) on Meta for disclosing personal information about its users to third parties without obtaining their authorisation.