Republic of Korea: Personal Information Protection Commission fined Meta KRW 21.6 billion for alleged unlawful collection and use of sensitive user data

On 5 November 2024, the Personal Information Protection Commission (PIPC) issued a penalty surcharge and administrative fine of KRW 21.6 billion (equivalent to USD 15.7 million) against Meta Platforms for its breaches of the Personal Information Protection Act (PIPA). The investigation determined that Meta collected and utilized sensitive data from approximately 980'000 domestic users without lawful consent, providing advertisers with detailed insights into users' religious beliefs, political views, and sexual orientation. Furthermore, Meta refused user requests for personal data access without legitimate reasons and failed to prevent data breaches due to vulnerabilities in account recovery procedures. The PIPC mandated corrective actions for Meta to secure necessary consents and enable user access to personal data, emphasising compliance with the PIPA for service providers operating globally.