South Korea Fines Meta $15 Million for Personal Data Violation

South Korea has fined Meta Platforms $15.67 million. South Korea’s fine on Meta came after the country’s Personal Information Protection Commission discovered that the tech giant was collecting sensitive information from users and sharing it with thousands of advertisers without consent.

According to AP News, Meta obtained information from about 980,000 Facebook users in South Korea. This information included the religion, sexual orientation, and political views of users.

Increased Scrutiny

South Korea has a privacy law that provides for strict protection of information relating to political views, personal beliefs, and sexual behavior. The law also bars companies from using or processing such data without the express consent of the person involved.

In recent years, South Korea has increased scrutiny on how Meta handles private information. Meta also owns the WhatsApp platform and Instagram. The Meta data collection fine is the latest penalty that the Asian country has imposed on the tech giant in recent years.

South Korea’s Personal Information Protection Commission has been investigating Meta for user data privacy violation for four years. The Commission concluded that the tech giant collected sensitive information from Facebook users between July 2018 and March 2022. According to the data protection watchdog, Meta shared user data with around 4,000 advertisers unlawfully.

Meta’s Targeted Service

South Korea’s data protection agency accused Meta of gathering sensitive data by analyzing Facebook advertisements that users clicked on or pages that they liked. The social media giant then categorized ads in specific themes that included North Korean escapees, transgender issues, same-sex issues, and specific religions. The tech giant used these categories to identify users who are interested in these themes.

“While Meta collected this sensitive information and used it for individualized services, they made only vague mentions of this use in their data policy and did not obtain specific consent,” Lee Eun Jung, a Director at the Commission who led the Investigation on Meta said.

According to Jung, Meta did not implement basic security measures like removal or blocking inactive pages. This placed the privacy of Facebook users at risk, which paved the way for hackers to use inactive pages to fake identities and request password resets for other Facebook users.

According to the Commision, Meta approved the password requests without proper verification. This led to data breaches that affected about 10 Facebook users in South Korea. South Korea Meta office did not comment on the issue but said it will review the decision by the Commission carefully.

Big Tech Penalties

The latest fine from Meta privacy violations in South Korea isn’t the only penalty that the big tech is facing. In July 2024, a US court ordered the tech giant to pay a $1.4 billion settlement in the Texas facial recognition data lawsuit. The Metadata lawsuit was a result of unauthorized use of biometric data by Facebook.

In September 2024, the big tech was slapped with a $100 million fine by European regulators for a security lapse that exposed user passwords temporarily in 2019. In 2022, the Data Privacy Commission in South Korea fined Google and Meta $72 million for monitoring consumer behavior online without their consent and using that data to target them with ads.

According to the Commission, the two big techs failed to obtain user consent to gather their data. The two companies were directed to provide a simple and clear consent process to users to give them more control over their data.