South Korea Fines Meta $15.7m For Illegally Sharing User Data With Advertisers

Over the last few years popular social media platforms, especially Instagram, WhatsApp and Facebook owner Meta, have been under the spotlight for breaching user privacy for numerous reasons.

These include sharing personal information with advertisers, intentionally making their social media platforms addictive to children, showing them inappropriate ads, and more.

Meta though admitted to its faults and tried to correct its ways. In some cases, this move became rather extreme.

In a bid to protect its users from harmful effects and content, Meta took strong measures that included disabling or suspending the accounts of minors.

However, this move didn’t go as intended, as the company began suspending the accounts of adults, incorrectly labeling them as minors. The company even stood by its decision despite receiving sufficient information about the account in question belonging to an adult.

Now, Meta has come under the scanner once again, this time in South Korea.

The company has been fined $15.67 million (or 21.62 billion won) by the South Korean government’s Personal Information Protection Commission (PIPC).

Following a four-year investigation, the data privacy watchdog found that Meta was illegally collecting sensitive personal information from Facebook users and sharing the details with over 4,000 advertisers.

As per a press release published by the PIPC on its website, Meta collected data from around 980,000 domestic users, where the information included their religious and political views, same-sex marital status, being a defector from North Korea, and more.

What Did The South Korea’s Government Agency Say?

 

• Through the press release, the South Korean government’s Personal Information Protection Commission said [translated], “The investigation found that Meta had previously collected sensitive information, such as religious and political views and same-sex marital status, of approximately 980,000 domestic users through Facebook profiles, and provided this information to advertisers, which was used by approximately 4,000 advertisers.”

• “Specifically, it was found that behavioral information, such as the pages that users ‘liked’ on Facebook and the ads they clicked on, was analyzed to create and operate advertising topics related to sensitive information (specific religions, homosexuality, transgenders, North Korean defectors, etc.)”

• “The Personal Information Protection Act stipulates that information on thoughts, beliefs, political views, sexual life, etc. is sensitive information that must be strictly protected, and in principle restricts its processing.”

• “However, it also stipulates that processing of such information is permitted only in exceptional cases where there is a lawful basis, such as when separate consent has been obtained from the information subject.”

• “However, Meta collected such sensitive information and used it for customized services, etc., but only vaguely stated it in the Data Policy and did not obtain separate consent and did not take any additional protective measures.”

Ahead of this, the PIPC also noted that Meta failed to secure out-of-service accounts, which allowed malicious actors to reset passwords using fake identification information.

This prompted the agency to mention that it will continue to monitor if Meta complies with its corrective order.

“While Meta collected this sensitive information and used it for individualized services, they made only vague mentions of this use in their data policy and did not obtain specific consent,” said Lee Eun Jung, a director at the commission who led the investigation on Meta.

On the other hand, Meta didn’t provide much of a comment other than saying its South Korean office would “carefully review” the commission’s decision.

Do you think social media platforms such as Meta’s Facebook, Instagram, and others need to ensure they adhere to strict data privacy protection policies?

Let us know in the comments below!