South Korea has imposed a 21.62 billion won ($15.67 million) fine on Meta Platforms, the parent company of Facebook, for unauthorized data collection practices. The country’s data protection authority, the Personal Information Protection Commission (PIPC), found that Meta collected sensitive data about nearly a million South Korean Facebook users and shared it with advertisers without explicit consent.
Uncovering Meta’s Data Practices
According to the PIPC, Meta gathered data on sensitive aspects of users’ lives, including religious beliefs, political views, and sexual orientation, from roughly 980,000 South Korean Facebook accounts. The commission emphasized that Meta’s collection and use of this information lacked proper legal consent from the users, a critical requirement under South Korean privacy regulations.
This data was then reportedly made accessible to approximately 4,000 advertisers who used it to create targeted advertising. Advertisers could thus identify users based on categories like religion, political alignment, or gender identity—a serious violation in the eyes of South Korean regulators.
How Meta Profiled Users
The PIPC’s findings revealed that Meta engaged in detailed profiling by analyzing user activity on Facebook, including pages they liked and ads they clicked on. This information was then used to create targeted advertising themes centered around sensitive categories. As a result, users could be classified based on their religion, whether they were North Korean defectors, or if they identified as transgender or gay—personal and potentially sensitive aspects of their lives.
Other Violations and Privacy Concerns
In addition to data collection and sharing violations, the PIPC also found that Meta refused user requests to access their own personal information. Furthermore, the commission noted that Meta failed to protect data properly, leading to a security breach that exposed data of about 10 South Korean Facebook users to hackers.
Meta’s Response and Implications for User Privacy
A spokesperson for Meta Korea declined to comment on the fine or the commission’s findings, leaving the company’s next steps uncertain. However, the fine underscores the importance South Korea places on data protection and users’ rights to privacy, especially concerning sensitive personal information.
Recent Fines Against Tech Giants Over Privacy Violations
Meta has faced several major fines globally for privacy violations. Recently, in Nigeria, The Federal Competition and Consumer Protection Commission (FCCPC) fined Meta $220m for Data and Consumer Rights Violations and in Ireland, the firm was fined €91 million following an inquiry into the company’s handling of user passwords.
In 2022, Meta agreed to pay $725 million as settlement to resolve a class action lawsuit related to the Cambridge Analytica data harvesting scandal.
