South Korean Privacy Regulators Crack Down on Meta

The Recap

The Personal Information Protection Commission (PIPC) in South Korea imposed significant fines on Meta (formerly Facebook) due to violations of the country's Personal Information Protection Act (PIPA). Here's a summary of the key points:

1. Violation of Consent Requirements: PIPC found that Meta's practices regarding data collection and usage did not fully comply with South Korea’s data protection laws, particularly in obtaining explicit consent from users. Meta collected personal information for targeted advertising purposes without adequately informing users or obtaining proper consent.

2. Total Fines: In 2023, Meta was fined a total of ₩30.8 billion (approximately $24 million USD) for these violations. The fines were imposed for both Facebook and Instagram platforms, with Meta accused of collecting sensitive user data without sufficient transparency.

3. Inadequate Data Management: The PIPC criticized Meta's failure to provide users with clear and accessible options to manage their data preferences, such as opt-out mechanisms for personalized advertising, thereby breaching users' rights to control their own information.

These actions reflect an ongoing trend of stricter enforcement of data privacy regulations worldwide, with Meta facing significant penalties in multiple jurisdictions for privacy-related issues.

The Game Plan

If you are doing business in South Korea, take this as a signal to start focusing on compliance. Here are some questions to ask yourself:

1. Do I process the Personal Information of customers in South Korea?

2. Do I have remote employees in South Korea?

3. Do I have vendors who operate out of South Korea or store Personal Information in South Korea?

4. Do I get the appropriate consent from individuals?

If you are not clear on the answers to these questions, it is probably time to drill down on your data privacy practices.

Need Help?

Tap in Three-Point Law by emailing consult@threepointlaw.com.