South Korea’s data watchdog, the Personal Information Protection Commission (PIPC), fined Facebook and Netflix for storing user data without consent. A privacy audit revealed last year that Facebook, Netflix, and Google were violating the country’s laws and had insufficient privacy protection. The PIPC fined $5.5 million and $188,000 to Facebook and Netflix, respectively, for user privacy violations.
Facebook’s User Data Privacy Violation
Facebook created and stored facial recognition templates for 200,000 local users between April 2018 and September 2019. These templates store information obtained from user photos and videos for identification purposes. Using these templates, user photos can then be identified using their names.
Facebook also illegally collected Social Security numbers and didn’t issue notifications about personal information management changes and other missteps. All of this resulted in an additional fine of 26 million won (US$22,248). This was in clear violation of privacy laws as all of this was done without any user consent.
PIPC then ordered the company to destroy all collected data and prohibited the processing of identity numbers without a legal basis. PIPC also directed Facebook to make it easier for users to check legal notices regarding personal information. Back in 2020, the PIPC also fined Facebook 6.7 billion won (US$5.7M) for passing on personal data to other operators without user permission.
Netflix User Data Privacy Violation
Netflix collects users’ personal information upon registration without their consent, even if they have not completed the registration process. Due to this, the company collected from five million people. In addition, Netflix didn’t disclose the international transfer of the data, which resulted in another fine of 3.2 million won (US$2,700). PIPC then directed Netflix to fix these issues.
Google’s Remedial Order
Google was the luckiest as it only received a remedial order. PIPC directed Google to improve its personal information handling measures as its legal notice upon collecting additional personal information is vague.
A Series of Fines but Not One Change
This is not the first time something like this has happened. Back in 2019, The FTC fined Facebook $5 billion for violating consumers’ privacy rights. Even back then, the commission directed the company to update and adopt new privacy and security measures.
Since then, not much has changed, and big companies like Facebook, Google, and Netflix continue to violate user data privacy for profit. Even after several antitrust cases, the fundamental problem remains.