Republic of Korea: Personal Information Protection Commission issued improvement recommendations in investigation into Kakao Talk, Naver, Coupang, Baemin, Karrot over data processing practices

On 24 July 2025, the Personal Information Protection Commission (PIPC) issued a set of recommendations aimed at enhancing privacy protections in large-scale applications following a review of five platforms, Kakao Talk, Naver, Coupang, Baemin, and Karrot. The recommendations address integrated online services such as messaging, shopping, and payments, and focus on practices involving personal data transfers via Application Programming Interfaces (APIs) and data warehouses. The PIPC advised increased involvement of privacy departments in data flow configurations, a two-year retention period for access logs, and clearer differentiation between consent-based and contract-based data collection. The PIPC also encouraged greater transparency through updated privacy policies and more accessible tools for users to withdraw from services and exercise their data rights. Compliance will be subject to future assessments by the PIPC.