Republic of Korea: Issued Personal Information Protection Commission ruling in an investigation into OpenAI compliance with Personal Information Protection Act

On 26 July 2023, the Personal Information Protection Commission (PIPC) of Korea announced it had fined OpenAI, ChatGPT operator, KRW 3.6 million for violating data breach reporting requirements outlined in the Personal Information Protection Act. The PIPC stated that the names, e-mail addresses, credit card details and other personal information of 687 Korean users of ChatGPT Plus were leaked, and OpenAI failed to report the incident within 24 hours. Furthermore, the PIPC issued recommendations regarding preventive security measures and announced it would conduct fact-finding inspections.