Republic of Korea: Personal Information Protection Commission concluded review of providers' compliance with social login data-deletion recommendations

On 10 December 2025, the Personal Information Protection Commission (PIPC) concluded the review assessing the implementation of improvement recommendations issued to social login providers used by over 500’000 domestic websites in February 2025. The providers were required to strengthen personal data destruction, including improved unlinking, account deletion notifications, and token revocation practices. The review assessed the follow-up actions by the social login providers, including Naver, Kakao, Google, Meta, and Apple, that received improvement recommendations in February. The measures focused on personal data deletion obligations. The PIPC concluded that providers ensured the timely destruction of personal data when users delete social login accounts or withdraw from linked services. The providers also updated developer documentation, including guidance on social withdrawal and account unlinking functions, including callback Uniform Resource Locator (URLs) and token-expiration Application Programming Interface (APIs).