SEOUL, South Korea — In a move aimed at strengthening privacy protections in the country, South Korea's Personal Information Protection Commission has slapped social media giant Meta with a hefty fine of 21.6 billion won ($15 million) for its alleged mishandling of sensitive user data on Facebook.
Background
The commission's decision comes after a four-year investigation into Meta's practices, which concluded that the company had been collecting and sharing sensitive information about around 980,000 Facebook users without their consent. This includes details about their political views, religious beliefs, and sexual orientation.
Key Findings
According to the commission, Meta amassed this sensitive information by analyzing users' online behavior on Facebook, including the pages they liked or the ads they clicked on. The company then categorized these ads to identify users interested in specific themes, such as same-sex and transgender issues, or those related to North Korean escapees.
Security Concerns
The commission also found that Meta failed to implement basic security measures to protect user data, putting their privacy at risk. This included the company's failure to remove or block inactive pages, which hackers exploited to forge identities and request password resets for other Facebook users' accounts.
Previous Penalties
This is not Meta's first run-in with South Korean authorities over concerns about user data protection. In 2022, the commission fined Google and Meta a combined 100 billion won ($72 million) for tracking consumers' online behavior without their consent and using their data for targeted advertisements.
Other Notable Fines
In addition to this latest fine, Meta has faced other significant penalties from South Korean authorities in the past. In 2020, the commission hit Meta with a 6.7 billion won ($4.8 million) fine for providing personal information about its users to third parties without consent.
Global Implications
The latest fine against Meta underscores growing concerns globally about social media companies' handling of user data and their accountability to protect this sensitive information.
What's Next?
In response to the commission's decision, a spokesperson for Meta's South Korean office stated that the company would "carefully review" the fine. However, no further comment was provided at the time of writing.
Impact on Users
The impact of this fine on users will likely be minimal in the short term, as it primarily relates to Meta's practices and policies rather than the direct use of user data. Nonetheless, it serves as a reminder for social media companies to prioritize transparency and consent when handling sensitive information.
Experts' Views
According to Lee Eun Jung, a director at the commission who led the investigation into Meta's practices, "while Meta collected this sensitive information and used it for individualized services, they made only vague mentions of this use in their data policy and did not obtain specific consent."
European Comparison
In a related development, European regulators recently hit Meta with over $100 million in fines for a 2019 security lapse that exposed user passwords. This highlights the global nature of concerns about social media companies' handling of user data.
Action Plan
The commission's decision emphasizes the need for social media companies to implement robust measures to protect users' sensitive information and ensure their consent is obtained before collecting or sharing such data. As a result, Meta will likely be required to review its policies and practices to address these concerns.
Conclusion
The fine levied against Meta by the Personal Information Protection Commission in South Korea underscores the importance of ensuring social media companies prioritize user privacy and consent when handling sensitive information. As this case continues to unfold, it is essential for both users and regulators alike to remain vigilant about these critical issues.