South Korea fines Meta over privacy breaches in Facebook data use

South Korea’s Personal Information Protection Commission has fined Meta 21.6 billion won (€14 million) for collecting sensitive personal information from Facebook users without explicit permission. The privacy watchdog revealed on Tuesday that Meta had collected data on users’ political views, religion, sexual orientation, and other private matters. This information, obtained from the pages users liked or the ads they clicked on, was shared with approximately 4,000 advertisers.

The investigation, which took four years to complete, showed Meta collected sensitive data from around 980,000 South Korean Facebook users between July 2018 and March 2022. These details were used to tailor ads targeting individuals based on their interests, including same-sex issues, religious affiliations, and political views, without clear, specific consent.

South Korea’s privacy laws strictly protect such information, forbidding companies from using it without explicit approval from users. Lee Eun Jung, a director at the commission, noted that Meta’s data policies did not clearly disclose this use, putting user privacy at risk.

The commission also found that Meta neglected basic security practices, allowing hackers to misuse inactive accounts to reset passwords and access other accounts. This led to breaches affecting at least 10 South Korean users.

In response, Meta’s South Korean office stated it would review the decision. This fine follows a larger €66 million penalty on Meta and Google in 2022 for similar violations, highlighting South Korea’s increasing scrutiny of tech giants and their handling of user data.