Facebook, Netflix and Google have all received reprimands or fines, and an order to make corrective action, from South Korea’s government data protection watchdog, the Personal Information Protection Commission (PIPC).
The PIPC announced a privacy audit last year and has revealed that three companies – Facebook, Netflix and Google – were in violations of laws and had insufficient privacy protection.
Facebook alone was ordered to pay 6.46 billion won (US$5.5M) for creating and storing facial recognition templates of 200,000 local users without proper consent between April 2018 and September 2019.
Another 26 million won (US$22,000) penalty was issued for illegally collecting social security numbers, not issuing notifications regarding personal information management changes, and other missteps.
Facebook has been ordered to destroy facial information collected without consent or obtain consent, and was prohibited from processing identity numbers without legal basis. It was also ordered to destroy collected data and disclose contents related to foreign migration of personal information. Zuck’s brainchild was then told to make it easier for users to check legal notices regarding personal information.
Netflix’s fine was a paltry 220 million won (US$188,000), with that sum imposed for collecting data from five million people without their consent, plus another 3.2 million won (US$2,700) for not disclosing international transfer of the data.
Google got off the easiest, with just a “recommendation” to improve its personal data handling processes and make legal notices more precise.
The PPIC said it is not done investigating methods of collecting personal information from overseas businesses and will continue with a legal review.