S.Korea fines Facebook, Netflix over privacy infringement

South Korea’s privacy regulator Personal Information Protection Commission (PIPC) has fined major global platform companies for their infringement of personal information laws in the country.

Facebook was fined 6.5 billion won ($5.6 million) at PIPC’s general meeting held on Aug. 25 as the top violator of personal rights among the global tech firms, having breached six articles of the South Korean Personal Information Protection Act.

Facebook’s major violation was the collection of facial information between April 2018 and September 2019, without the user’s agreement, to create face recognition templates. Facebook used the templates to identify and display the names of the individuals in the photographs uploaded on its social media platform.

The five other illegal activities by Facebook included illegally collecting social security numbers, not notifying the users when changing the personal data management entity, not disclosing information when consigning personal data processing work to a third party, not disclosing information regarding the overseas transfer of personal data, and failure to submit reference materials when asked by the PIPC.  

Netflix was also fined 220 million won ($190,000) for illegally collecting personal data before the users complete their subscription procedures, and transferring personal information outside South Korea without disclosure.

The PIPC also issued correction orders to Facebook and Netflix to amend their illegal practices. The privacy regulator’s investigation this time was jointly conducted with the Korea Internet & Security Agency (KISA) under the Ministry of Science and ICT.

Meanwhile, Google was not found to have violated the data privacy laws. But the firm received PIPC’s “recommendation for improvement” in collecting and processing additional privacy data such as payment information, occupation and level of education.

The PIPC said that it will continue to monitor the activities of global tech firms regarding their private data collection processes in South Korea.

“We hope that our measures will serve as a key momentum for the global firms to operate in full compliance with the local laws and regulations in the area of personal information,” said Song Sang-hoon, director-general for investigation and coordination at PIPC.

Write to Ji-hoon Lee at lizi@hankyung.com
Daniel Cho edited this article.