em360tech image
Image Credit: South Korea flag - Myvector | Adobe Stock. Mark Zuckerberg - By Anurag R Dubey - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=137851694

Facebook owner Meta has been fined once again this year. This time South Korea called out the tech giant for collecting sensitive user data. 

South Korea has ordered Meta to pay 21.62 billion won ($15.67 million) in fines after discovering that the Instagram owner had collected sensitive user data. 

According to Seoul’s data protection agency said that Meta not only collected the user data but provided that sensitive information to its advertisers without a legal basis. 

The Personal Information Protection Commission noted in a statement on Tuesday that Meta obtained information from about 980,000 South Korean Facebook users on issues such as their religion, political views and sexuality while failing to seek agreement from users.

Meta Platforms did not ask for users’ consent to use their personal information for third parties, particularly advertisers. 

Seoul’s data protection agency told Reuters that the information was then used by some 4,000 advertisers. 

"Specifically, it has been found that (Meta) analysed user behaviour data such as pages they liked and advertisements they clicked on Facebook and created and managed advertising themes related to sensitive information," the official body emphasised.

The information also potentially included data of users categorised, for instance, North Korean defectors who are following a particular religion, or identifying as transgender or gay person. 

The agency further noted that Meta had also unfairly declined a request by users to access personal information and failed to prevent data on about 10 South Koreans from being leaked by hackers.

Meta Levied Fines by Irish DPC

This is not the first time Meta has been slammed with fines worth millions this year. 

Earlier in September, the Irish Data Protection Commission (DPC) penalised Meta for violating the General Data Protection Regulation (GDPR) in Ireland. 

meta levied fines by Irish DPC
Image Credit: maurice norbert | Adobe Stock

The Irish DPC ordered the Facebook owner to pay a fine worth €91 million ($101.56 million) for failing to promptly notify the DPC of a data breach. 

Meta had failed to record personal data breaches regarding the storage of user passwords in plaintext. 

The Irish agency’s investigation uncovered that Meta’s data breach exposed the sensitive information of a huge number of users including their passwords having been compromised. 

Mark Zuckerberg’s company was also hit with a record fine by the Irish DPC of €1.2 billion last year (May 2023) for manhandling people’s data when transferring data between the EU and the United States (U.S). 

The agency claimed that Meta breached GPDR and transferred personal data to the US based on standing contractual clauses (SCC) since 16 July 2020. 

The Irish DPC and the European Data Protection Board (EDPB) said that using SCCs to facilitate data transfers fails to adequately protect European personal data.

In January 2023, Meta levied a fine worth €390 million ($414 million) by the Irish DPC for breaking EU data rules.

The EU privacy watchdog said that Meta’s way of seeking permissions from its users to use their data for advertisements on Facebook and Instagram was unlawful. 

The commissioner also noted that Facebook and Instagram cannot “force consent” by telling consumers to accept how their data is used or leave the platform instead.