South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers

In a bombshell decision, South Korea's data privacy watchdog has slapped Meta with a staggering 21.62 billion won ($15.67 million) fine. The charge? Illegally harvesting sensitive personal information from Facebook users and sharing it with advertisers without their consent.

According to the Personal Information Protection Commission (PIPC), Meta secretly collected data on users' political views, sexual orientation, and religious affiliations from nearly one million Facebook users in South Korea. Shockingly, this sensitive information was handed over to a whopping 4,000 advertisers.

The PIPC revealed that Meta analyzed users' behavioral data, such as the pages they 'liked' and the ads they clicked on, to create targeted advertising topics. This sinister strategy categorized users by religion, sexual orientation, and even their status as North Korean defectors.

In a scathing statement, the agency condemned Meta for processing this data without a legal basis and without users' consent. The watchdog also exposed Meta's failure to secure inactive accounts, allowing hackers to request password resets using fake IDs, resulting in a breach affecting 10 South Korean users.

Meta's practices of gathering behavioral information and using it to create advertising topics related to sensitive personal information were highlighted as particularly egregious. The information gathered included data that could identify users' religion, sexual orientation, and political views, often derived from their interactions and engagements on the platform. This extensive and invasive data collection occurred without the explicit consent of the users involved, violating fundamental privacy rights.

The Personal Information Protection Commission (PIPC) criticized Meta not only for its unauthorized data collection but also for its lax security measures regarding inactive accounts. The watchdog uncovered that Meta allowed password resets for these accounts through fake identification submissions, leading to unauthorized access and a breach of personal information for 10 South Korean users.

The PIPC stated that it would continue to monitor Meta's adherence to its corrective order and vowed to enforce data protection laws rigorously. The commission emphasized that it would apply these laws without discrimination against global companies operating in South Korea, ensuring that the personal information of South Korean citizens is protected.

In response, Meta said it would "carefully review" the commission's ruling. This statement comes as Meta faces increasing scrutiny and pressure to reform its data handling practices globally. The company's commitment to reviewing the decision underscores the gravity of the situation and the potential implications for its operations.

This landmark decision by South Korea's data privacy watchdog sends a powerful message to global tech giants about the importance of adhering to privacy laws and the consequences of failing to protect user data. The fine and the stern warnings from the PIPC highlight the critical need for robust data protection measures and transparent practices in handling sensitive personal information.

Source: https://thehackernews.com/2024/11/south-korea-fines-meta-1567m-for.html

PS: For more updates like this, subscribe today at The Quill.