Editor’s Note: In a recent decisive move, South Korea’s Personal Information Protection Commission has imposed a substantial fine on Meta, following a rigorous investigation into the company’s data handling practices. This ruling signals intensified regulatory attention on data privacy and user rights, particularly concerning large tech corporations like Meta. For professionals in cybersecurity, information governance, and eDiscovery, this case illustrates the global push for robust data protection and the mounting consequences for entities that fail to adhere to privacy standards. As digital privacy issues take center stage worldwide, the South Korean commission’s actions highlight the vital need for clear consent and strengthened data security practices in the tech industry.
Industry News – Data Privacy and Protection Beat
Meta Faces Hefty Fine in South Korea for Data Collection Breaches
ComplexDiscovery Staff
South Korea’s Personal Information Protection Commission has concluded an extensive investigation into Meta, the parent company of Facebook, resulting in a 21.6 billion won ($15 million) fine for unauthorized data collection and use. This regulatory action is part of ongoing scrutiny by South Korean authorities regarding how major tech companies handle private user data, notably companies under Meta’s umbrella like Instagram and WhatsApp.
The investigation revealed that, over a span from July 2018 to March 2022, Meta unlawfully gathered sensitive personal data from approximately 980,000 Facebook users in South Korea. This data, encompassing insights into users’ religious beliefs, political inclinations, and sexual orientation, was collected without explicit user consent and subsequently shared with about 4,000 advertisers. Meta’s practices have raised significant legal concerns, as South Korean privacy laws stringently restrict the handling and dissemination of such sensitive information without direct consent.
Lee Eun Jung, the commission’s director and lead investigator, highlighted how Meta classified user interests by examining the pages liked and advertisements clicked on by Facebook users. “Meta collected this sensitive information and used it for individualized services, making only vague mentions of this use in their data policy without specific consent,” Lee stated. This approach not only represents a violation of privacy according to South Korean law but also exposes users to potential security threats.
Aside from the unlawful collection and distribution of data, Meta was also found to have compromised user privacy through inadequate security measures. By neglecting necessary security protocols such as blocking inactive pages, Meta inadvertently enabled hackers to misuse these accounts. This security lapse, as detailed by Lee Eun Jung, led to identity forgeries and unauthorized password resets that facilitated data breaches affecting at least 10 Facebook users in South Korea.
This is not Meta’s first encounter with fines related to personal data misuse. In 2022, Meta and Google were collectively fined 100 billion won ($72 million) by the same South Korean commission for accumulating and using consumer data without clear, informed consent for targeted advertising. These penalties stood as the largest ever imposed by South Korea for privacy law infringements, underscoring the regulators’ firm stance on data protection.
European regulators have similarly taken a tough stance against Meta. A security oversight in 2019, which exposed user passwords in an unencrypted form, resulted in fines exceeding $100 million. Such international incidents amplify the scrutiny on Meta’s approach to data security and user privacy.
The measures taken by the South Korean commission aim to compel tech giants like Meta to adopt more transparent data policies and robust security mechanisms. Meta’s South Korean office, maintaining a cautious stance following the commission’s ruling, has indicated a willingness to review the decision, though it abstained from providing specific comments. As digital landscapes continue to evolve, this case highlights the pressing need for robust privacy frameworks and transparent practices to safeguard user information in a digital age increasingly dominated by powerful technology conglomerates.
News Sources
- South Korea fines Meta $15 million for illegally collecting information on Facebook users
- South Korea Slaps Meta with $15.6M Fine for Data Violations
- PIPC, Korea
- South Korea’s PIPC Fines Meta for Unauthorized Use of Sensitive Data and Privacy Violations
Assisted by GAI and LLM Technologies
Additional Reading
- From Hacktivism to AI: ENISA’s 2024 Threat Report Unveils Evolving Cyber Dangers
- Hacker ‘Fortibitch’ Leaks Fortinet Data
- Halliburton Cyberattack Highlights Vulnerability of Critical Infrastructure
Source: ComplexDiscovery OÜ
The post Meta Faces Hefty Fine in South Korea for Data Collection Breaches appeared first on ComplexDiscovery.