South Korean authorities, specifically the Personal Information Protection Commission (PIPC), have slapped Meta with a hefty fine of 21.6 billion won, equivalent to about $15 million, due to the unlawful gathering and sharing of user data with advertisers.
Findings from the Investigation
According to an Associated Press report, the investigation that lasted four years revealed that Meta had collected sensitive information from nearly 980,000 users without their consent. This data included delicate details like users' religious beliefs, political opinions, and information about same-sex relationships.
PIPC highlighted that the data collection occurred between July 2018 and March 2022, with Meta sharing this information with around 4,000 advertisers without any authorization. South Korea's privacy laws provide strong safeguards for personal data relating to individual beliefs, political opinions, and sexual orientation, and forbid companies from using or processing such information without explicit consent from the user.
Methods of Data Collection
The commission noted that Meta obtained this sensitive data through the analysis of user interactions on their platform and the advertisements that users engaged with.
Lee Eun Jung, the head of the investigation, stated to AP, “Even though Meta gathered this sensitive information for personalized services, their data policy only provided vague references to such usage and did not secure specific consent from the users.”
Security Concerns
Moreover, PIPC pointed out that Meta did not incorporate basic security measures on the platform. This negligence allowed hackers to exploit inactive pages to create fake identities and request password resets for other users on Facebook.
AP, Image Source
