South Korea Fines Meta for Illegally Collecting User Information

South Korea’s Personal Information Protection Commission (PIPC) fined Facebook’s parent company, Meta, over 21 billion Korean won (roughly 15 million USD), as announced on November 5th. This fine follows a PIPC investigation that found Facebook illegally collected and shared sensitive information of around 980,000 Korean users.

Using behavioral patterns, Meta collected legally protected information about its users, such as sexual orientation, gender expression, religious affiliations, and potential status as North Korean defectors. Furthermore, the PIPC found that Facebook shared that information with around 4,000 advertisers.

Under South Korea’s Personal Information Protection Act, organizations can only lawfully process such sensitive information with the user’s explicit consent. However, the PIPC found that Meta did not properly inform users about its data collection practices.

PIPC director Lee Eun Jung stated, “While Meta collected this sensitive information and used it for individualized services, they made only vague mentions of this use in their data policy and did not obtain specific consent.”

The PIPC report also states that Facebook puts users’ privacy at risk by failing to implement basic security measures, such as blocking inactive pages. Hackers accessed the personal accounts of at least 10 South Korean citizens by gathering the information on such pages and using it to request account recoveries. The PIPC stated that Meta approved the recovery claims without sufficient authentication.

This isn’t the first time Meta has faced fines by the PIPC over privacy concerns. In 2020, the PIPC fined Meta over 30 billion won (around 21 million USD) for similar data gathering and disclosure violations.

Meta has recently faced legal trouble in other parts of the world. This includes challenges over its “pay or consent model” in the EU and a Massachusetts lawsuit addressing practices that encourage youth addiction.