The South Korean authorities said that Meta and Google didn’t receive legitimate or legal consent when collecting users’ information who visited their websites and used other websites and apps for customized ads.
According to the authority’s explanation, Google didn’t inform its users of the collection, including using other companies’ behavioral details when signing up for its service and setting up the default choice to “agree” as it covers further available options on the settings screen.
Meta, the Facebook parent company, was also found to have violated the country’s personal information protection rules.
This action made the South Korea PIPC (Personal Information Protection Commission) order the big techs to correct the violations while imposing fines of 30.8 billion KRW (~$22 million) on Meta and 69.2 billion KRW (~$50 million) on Google.
So far, this is the biggest penalty in the country for violating personal information protection laws and the first sanction associated with using and collecting behavioral information on online customized advertising platforms.
The big techs’ response
In reaction, Meta’s spokesperson said, “While we respect the PIPC’s decision, we are confident that we work with our clients in a legally compliant way that meets the processes required by local regulations. As such, we don’t agree with the commission’s decision and will be open to all options, including seeking a ruling from the court.”
Google also responded via its spokesperson, “We disagree with the PIPC’s findings and will be reviewing the full written decision once it’s shared with us. We’ve always demonstrated our commitment to making ongoing updates that give users control and transparency while providing the most helpful products possible. We remain committed to engaging with the PIPC to protect the privacy of South Korean users.”
Other overseas fines in recent years
Overseas watchdogs have also fined Meta and Google for not complying with data protection regulations in the past few years.
The CNIL, the French data protection watchdog, issued its first General Data Protection Regulation fine of $57 million for consent and transparency violations in 2019.
Facebook-owned WhatsApp received a fine of $267 million for violating GDPR’s transparency principle in 2021. The German Federal Cartel Office also ordered a restriction on Meta’s data gathering on users from 3rd-party websites without their consent. The order is still under the EU legal challenge.