South Korea’s Personal Information Protection Commission (PIPC) has issued two large fines for privacy violations: a $50 million penalty for Google and $22 million for Meta.
The PIPC’s beef is that neither Google nor Meta properly obtain consent or inform users on how they collect and use data, particularly with regards to behavioral information used to predict interests for marketing and advertising purposes.
The data watchdog claims Google hides the setting screen to agree or disagree to collection methods and sets the default to “agree” while Meta only asks for agreement when a user creates an account and does so in unclear ways.
“Third-party behavioral information is obtained when users visit websites and apps other than the platform. Since it is automatically collected, it is difficult to predict which behavior performed on which website or app is collected,” said PPIC (in Korean).
Some 82 percent of Korean Google users and 98 percent of Korean Meta users allow the collection of information, PIPC said, leading to “a high possibility and risk of infringement of [user] rights.”
PIPC noted that in Europe, unlike Korea, Google obtained consent separately for the collection of behavioral information, customized adverts and personal information thus allowing the user to individually select how their data is stored.
Google reportedly said it had “deep regrets” and vowed to work with the commission. Meanwhile, both Meta and Google told media outlets they were considering challenging the ruling.
“While we respect the commission’s decision, we are confident that we work with our clients in a legally compliant way that meets the processes required by local regulations. As such, we do not agree with the commission’s decision, and will be open to all options including seeking a ruling from the court,” said Meta.
For its part, Google told The Register: “We disagree with the PIPC’s findings, and will be reviewing the full written decision once it’s shared with us. We’ve always demonstrated our commitment to making ongoing updates that give users control and transparency, while providing the most helpful products possible. We remain committed to engaging with the PIPC to protect the privacy of South Korean users.”
The company formerly known as Facebook is no stranger to fines from PIPC. In November 2020, it received a $5.7 million fine for passing on personal data to other operators without user permission. In August 2020, the company was fined $5.5m for creating and storing facial recognition templates of 200,000 local users without proper consent over a 17-month period in 2018 and 2019. ®