Meta fined about 15 million USD by South Korea over sensitive data collection
Meta is fined about 15 million USD by South Korea, it has collected sensitive information like religion, sexual orientation, etc. from users without proper consent.
South Korea has fined Meta for collecting sensitive data of the users and given it to the advertisers without users’ consent or any legal basis. Meta is slapped with a fine of 21.62 billion won or approximately 15.67 million USD.
In a recent Press release, South Korea’s data protection agency, The Privacy Data Protection Commission said, “The Personal Information Protection Commission (“PIPC”) held its 18th plenary meeting and reached a resolution to impose a penalty surcharge and administrative fine of KRW 21.6232 billion with correction orders on Meta Platforms, Inc. (hereinafter “Meta”) for its failure to comply with the Personal Information Protection Act (“PIPA”) on November 4, 2024.”
What is PIPA?
The PIPA (Personal Information Protection Act) specifies that processing of sensitive data, revealing ideology, political opinions, religious beliefs, etc., is prohibited. The sensitive data process is only allowed on a lawful basis while obtaining consent from users.
Investigation conducted by PIPA
According to South Korea’s data protection agency, The Privacy Data Protection Commission’s investigation the tech giant Meta has obtained sensitive information from about 980,000 Facebook users of South Korea about their religions, political opinions, sexual orientations whether they are transgender or same – sex marital status, etc. without seeking users’ consent.
Further this information was used by some 4000 advertisers. During PIPC’s investigation, PIPC got civil complaints about company rejecting the access for personal information and details of the data breach by the Hackers.
Further in PIPC’s investigation it was found Meta failed to do so as well as put additional safeguards in place for the collection and use of sensitive data for running tailored services. Meta displayed this practice in its data policy in a not explicit manner. During the investigations, the company took a self-regulatory action to stop collecting sensitive data from users’ profiles in August 2021 and destroy the advertising topics associated with such sensitive data in March 2022.
Administrative sanctions against Meta
After the Investigation against Meta, the PIPC levied an administrative fine on Meta for violation of PIPA and issued correction orders on Meta to have lawful basis for the processing of sensitive data and take remedial actions to safeguard the data.
Violations | Administrative Sanctions |
Restrictions on the processing of sensitive data (Article 23-1) | Penalty surcharge of KRW 21.613 billion |
Duty of safeguards (Article 29) | Administrative fine of KRW 10.2 million |
Access to personal information (Article 35-3) | Correction orders |
[The sanctions hold significance that foreign business operators providing services across the globe must adhere to the duties for processing sensitive data as stipulated in the PIPA, and they must uphold the rights of data subjects, such as allowing them to access his or her personal information.]