Meta Platforms, the parent company of Facebook, has been hit with a 21.62 billion won ($15.67 million) fine by South Korea’s Personal Information Protection Commission.
The penalty comes after an investigation revealed that Meta collected sensitive user data without legal authorization and shared it with advertisers.
The commission found that Meta gathered personal details, including religious beliefs, political opinions, and sexual orientation, from approximately 980,000 South Korean Facebook users without obtaining proper consent.
These sensitive data points were then leveraged by around 4,000 advertisers to target users more effectively.
How Meta analysed data
According to the commission’s statement on Tuesday, Meta analyzed users’ behaviour on Facebook, such as pages they liked and ads they clicked, to develop advertising themes based on their sensitive information.
- The profiling included labelling users as North Korean defectors, members of specific religious groups, or individuals identifying as transgender or gay.
- Additionally, the commission highlighted Meta’s refusal to honour users’ requests for access to their personal data and its failure to prevent a data breach that exposed information of about 10 South Korean users to hackers.
- Meta Korea has declined to comment on the ruling.
Global data privacy concerns
The case in South Korea is not an isolated incident, as global scrutiny over data privacy violations by tech giants continues to intensify.
In a separate but related matter, the Irish Data Protection Commission (DPC) recently imposed a €310 million fine on LinkedIn.
- The professional networking platform was found guilty of breaching the General Data Protection Regulation (GDPR) in its handling of user data for behavioural analysis and targeted advertising.
- The investigation into LinkedIn’s practices, initiated by the French Data Protection Authority, highlighted issues related to the lawfulness, fairness, and transparency of the company’s data processing activities.
- The DPC’s ruling, finalized on October 22, 2024, not only resulted in a hefty fine but also mandated LinkedIn to align its data processing operations with GDPR standards.
What you should know
- In July, Nigeria’s Federal Competiton and Consumer Protection Commission (FCCPC) and the Nigeria Data Protection Commission (NDPC) also imposed a $220 million fine against Meta Platforms Incorporated following a joint investigation into the company’s conduct, privacy policies, the operation thereof, and practices between May 2021 and December 2023.
- The final order highlighted Meta’s alleged infringements to include, denying Nigerian data subjects the right to self-determine; unauthorized transfer and sharing of Nigerian data-subjects personal data, including cross-border storage in violation of then, and now prevailing law; discrimination and disparate treatment and abuse of Dominance.
- These high-profile cases underline the growing global emphasis on protecting user data and ensuring that companies adhere to strict privacy regulations.
