The government slaps the second-largest fine on Zuck, as well as Netflix, and warns Google to be more transparent about privacy.
The Personal Information Protection Commission, South Korea’s government data protection watchdog, has issued reprimands or fines to Facebook, Netflix, and Google, as well as an order to take corrective action (PIPC).
Between April 2018 and September 2019, Facebook was ordered to pay 6.46 billion won (US$5.5 million) for creating and storing facial recognition templates of 200,000 local users without their consent.
Another penalty of 26 million won (US$22,000) was imposed for illegally collecting social security numbers, failing to issue notifications about personal information management changes, and other errors.
Facebook has been ordered to destroy or obtain consent for facial data collected without consent, as well as to stop processing identity numbers without a legal basis.
It was also ordered to destroy collected data and reveal contents related to personal data migration to other countries. The goal of Zuck’s creation was to make it easier for users to check legal notices about personal information.
Facebook denied the charge that it did not obtain permission before releasing the information. “We did obtain consent from people to use facial recognition on our services. However, the PIPC has determined that the control setting for face recognition may have been misunderstood by some people,” a Facebook spokesperson said.
The penalty is the organization’s second-largest ever, with the largest going to Facebook as well. The Social NetworkTM was fined 6.7 billion won ($5.7 million) in November 2020 for disclosing personal information to third parties without the consent of users.
Netflix was fined a meager 220 million won ($188,000) for collecting data from five million people without their consent, plus another 3.2 million won ($2,700) for failing to disclose the data’s international transfer.
Google was given the easiest time, receiving only a “recommendation” to improve its personal data handling processes and make legal notices more precise.
The PPIC stated that it is still investigating methods of collecting personal information from overseas businesses and that a legal review will be carried out.
The PPIC’s director of investigations and corrections, Song Sang-hoon, issued a warning to foreign companies in Korean, which reads:
We hope that overseas companies will obtain the consent of users according to domestic law when collecting and using personal information, and faithfully fulfil their statutory obligations.
The PPIC is no stranger to fining big tech companies in other countries for violations, but the fine imposed on Facebook is a record-breaking amount for the organization.
The PPIC fined Microsoft 16.4 million won (US$14,700) in June of last year. PPIC determined that Microsoft failed to have protective measures on administrative accounts, resulting in the leak of over 119,000 email accounts, 144 of which belonged to Korean residents, and that the leak was not announced in a timely manner.