Summarize

Simplifying... Inshort

South Korea's Personal Information Protection Commission (PIPC) has fined Meta $15M for illegally collecting and sharing sensitive data of nearly 980,000 Facebook users with advertisers.
The data, which included users' religious beliefs, political views, and same-sex relationships, was gathered through analysis of pages liked and ads clicked on by users.
The commission criticized Meta for its vague data policy and lack of basic security measures, which led to data breaches.

Was a long read? Making it simpler...

Next Article

Meta collected data and shared it without user consent

Meta fined $15M in South Korea for collecting sensitive data

By Akash Pandey

Nov 05, 2024

05:01 pm

What's the story

South Korea's privacy watchdog has slapped a fine of KRW 21.6 billion ($15 million) on Meta. The penalty comes after the company collected and distributed sensitive personal data from Facebook users in the country without authorization. This also comes on the heels of a string of penalties against Meta by South Korean authorities, who have ramped up scrutiny over the company's handling of private information.

Investigation findings

Data collection practices under scrutiny

After a four-year investigation, South Korea's Personal Information Protection Commission (PIPC) concluded that Meta had illegally collected sensitive information from around 980,000 Facebook users. The data collected included information about users' religion, political views, and same-sex relationships. The commission noted that the unauthorized data collection occurred between July 2018 and March 2022.

Data distribution

Meta shared user data with advertisers

The PIPC revealed that Meta had shared the collected data with nearly 4,000 advertisers. This is a major cause of concern since South Korea's privacy law strictly safeguards information pertaining to personal beliefs, political views, and sexual behavior. The law prohibits companies from processing or using such data without the explicit consent of the individual concerned.

Information gathering

Data collection method and security lapses

The PIPC said Meta collected sensitive information by analyzing pages liked or ads clicked on by Facebook users. The company then used this information to categorize ads and determine user interests in specific topics like religions, LGBTQ+ issues, and more. Lee Eun Jung, a PIPC director said, "While Meta collected this sensitive information and used it for individualized services, they made only vague mentions of this use in their data policy and did not obtain specific consent," Lee said.

Security concerns

Meta's security measures criticized

The commission also slammed Meta for failing to implement basic security measures like removing/blocking inactive pages. This negligence enabled hackers to use inactive pages to impersonate identities and request password resets for other Facebook users' accounts. Meta approved these requests without due diligence, resulting in data breaches of at least 10 Facebook users in the country, Jung said.

Company reaction

Response and previous penalties

In response to the fine, Meta's South Korean office said it would "carefully review" the commission's decision. Meta has previously been fined for similar privacy violations. In 2022, both Google and Meta were fined a combined KRW 100 billion ($72 million) for tracking consumers' online behavior without consent and using their data for targeted ads.