South Korea’s data regulator fined Google and Meta a total of 100 billion won (U.S. $72 million) for violating the country’s personal data collection law, which forbids the collection and use of personal information without user consent.

The Personal Information Protection Commission (PIPC) announced penalties of ₩69.2 billion (U.S. $50 million) against Google and ₩30.8 billion (U.S. $22 million) against Meta for violating the Personal Information Protection Act from 2019-21, according to a Sept. 14 press release.

The fines are the largest ever issued by the PIPC regarding privacy violations and the first penalties related to the collection and use of behavioral information of online customized advertising platforms.

Both Google and Meta did not give users a clear way to opt out of allowing the companies to use personal data when users utilized other websites or services outside the companies’ own platforms, according to the PIPC.

Google did not notify consumers how to opt out. The default setting for the opt out was set to “agree,” and if a user wanted to change it, he or she would have to find the opt-out form on the “setting screen” under more options, according to a translated question-and-answer document the PIPC released.

Meta attempted to gain consent by presenting new users with a long form that was not easy to understand, the PIPC said.

The PIPC said both Google and Meta created customized advertising based on the personal data collected on their customers.

In addition to the fine, the PIPC required both companies to rectify the alleged issues.

Some of the personal information the two social media companies collected included users’ political views; health information; physical, physiological, and behavioral characteristics; and information that would make it easier for someone to identify individual users within the data, the agency said.

Google was fined 50 million euros (then-U.S. $57 million) by a French regulator in 2019 for failing to provide users with transparent and understandable information on its data use policies. That penalty, under the European Union’s General Data Protection Regulation (GDPR), was upheld by a French court in 2020.

Germany’s competition authority ordered Meta (then Facebook) in 2019 to “substantially restrict” how it collects and combines data about its users unless they give it explicit consent.

Google and Meta did not respond to requests for comment.

Aaron Nicodemus covers regulatory policy and compliance trends for Compliance Week. He previously worked as a reporter for Bloomberg Law and as business editor at the Telegram & Gazette in Worcester, Mass.View full Profile

More from Aaron Nicodemus

Topics