As personal data breaches become increasingly common, consumer concerns about digital privacy are becoming more pronounced. Major tech companies have faced intense scrutiny over their data handling and storing practices, with data privacy watchdogs worldwide imposing increasingly hefty penalties.
However, one sector that has managed to maintain a relatively secure profile in terms of data privacy is cryptocurrency. Cryptocurrencies enhance security and transparency based on blockchain technology which has a decentralised structure and strong encryption. They are commonly used in online casinos with no sign-up needed to ensure users are safe without having to undergo the typical know-your-customer (KYC) checks required by fiat currency-accepting online casinos.
In contrast, social media giants like Meta Platforms – the parent company of Facebook and Instagram – have faced several regulatory challenges. Recently, Meta was fined almost $15.7 million by South Korea’s Personal Information Protection Commission (PIPC) for unlawfully collecting and sharing data from its Facebook users.
The Investigation
The PIPC’s investigation into Meta’s data practices was extensive, finding that Meta had amassed sensitive information from just less than a million South Korean Facebook users without acquiring explicit consent.
This information contained highly personal details, like users’ political views, sexual orientation, and religious beliefs. These data categories are protected under South Korean law.
The investigation found that Meta used sophisticated algorithms to analyse user behavior on Facebook, including the pages liked and advertisements clicked on. Based on these interactions, Meta grouped users into what could be considered sensitive themes, like LGBTQ+ issues, transgender topics, and North Korean defectors.
Meta then granted around 4,000 advertisers access to this data, which was used to tailor advertising efforts to specific audiences. This practice violates South Korea’s privacy laws, which forbid the collection, processing, or sharing of personal data without clear user consent.
According to Lee Eun Jung, director at the PIPC, Meta’s data policy was vague and did not clearly disclose these practices to users, preventing users from making informed decisions about their personal data. Lee stated, “While Meta collected this sensitive information and used it for individualised services, they made only vague mentions of this use on their data policy and did not obtain specific consent.”
The PIPC also criticised Meta for failing to secure its user data. As part of the investigation, it was revealed that Meta had not implemented security measures, leaving inactive user pages vulnerable to hacks. This failure resulted in at least 10 instances where hackers forged identities using inactive South Korean Facebook accounts and initiated password resets on behalf of other users, resulting in unauthorised data access.
Following the investigation, the PIPC imposed a $15.67 million fine and ordered Meta to establish more transparent data consent processes and improve security measures.
Meta Hit With Fines In The Past
Meta’s most recent fine imposed by South Korea is not an isolated case. South Korean authorities have imposed several fines on Meta in the past few years as part of a movement to hold tech giants accountable.
In 2022, the PIPC fined Google and Meta a combined $72 million (100 billion won) for tracking users’ online behavior without consent. According to the PIPC, both companies failed to communicate their data collection practices, using users’ browsing data from external websites for targeted advertising.
The PIPC has mandated that both companies adopt clear consent practices so users have control over their personal information.
In 2020, Meta was fined 6.7 billion won ($4.8 million) by South Korean regulators for sharing data with third-party partners without consent.
Meta has faced similar challenges at a global scale. Earlier in 2024, European regulators issued a $102 million fine after an investigation uncovered that Meta had left user passwords exposed in an unencrypted format because of a security lapse.
These incidents highlight ongoing issues with Meta’s data management practices, which clash with local and international privacy laws.
Implications of South Korea’s Decision
There is optimism among international regulators that South Korea’s decision to yet again impose a fine on Meta will result in stricter data privacy compliance. It is a shift that will ensure tech giants align with local laws related to data protection and user privacy. Countries across Europe and Asia, and the United States, are adopting frameworks aimed at holding companies accountable for improper data handling.
South Korea’s $15.7 million fine against Meta shows a mounting intolerance for companies that have no regard for user privacy. For Meta, this is just the latest incident in a growing list of penalties that show complete disregard for their users.
These fines also serve as a reminder of risks related to centralised data systems managed by large companies. Although blockchain technology offers decentralised, privacy-focused options, companies like Meta remain dependent on data-driven models with massive amounts of potentially sensitive information.
