SEOUL, South Korea: South Korea’s privacy watchdog fined social media company Meta 21.6 billion won (RM68 million or US$15 million) on November 5 for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and shared them with thousands of advertisers.

It was the latest in a series of sanctions against Meta by South Korean authorities in recent years as they increase their scrutiny of how the company, which also owns Instagram and WhatsApp, handles private information.

Following a four-year investigation, South Korea’s Personal Information Protection Commission concluded that Meta illegally collected sensitive information about about 980,000 Facebook users, including their religion, political views and whether they were in same-sex unions. sex, from July 2018 to March 2022.

It said the company shared the data with about 4,000 advertisers.

South Korea’s privacy law provides strict protection for information related to personal beliefs, political opinions and sexual behavior and prohibits companies from processing or using such data without the specific consent of the individual involved.

The commission said Meta gathered sensitive information by analyzing the pages Facebook users liked or the ads they clicked on.

The company classified the ads to identify users interested in topics such as specific religions, same-sex and transgender issues and issues related to North Korean defectors, said Lee Eun Jung, a director at the commission that led the Meta investigation.

“While Meta collected this sensitive information and used it for individualized services, they only made vague mentions of this use in their data policy and did not obtain specific consent,” Lee said.

Lee also said that Meta put the privacy of Facebook users at risk by failing to implement basic security measures, such as removing or blocking inactive pages. As a result, hackers were able to use inactive pages to spoof identities and request password resets for other Facebook users’ accounts. Meta approved those requests without proper verification, leading to data breaches that affected at least 10 Facebook users in South Korea, Lee said.

In September, European regulators hit Meta with more than US$100 million (RM440.24 million) in fines over a 2019 security breach in which users’ passwords were temporarily exposed in an unencrypted form.

Meta’s South Korea office said it would “carefully review” the commission’s decision, but did not immediately offer further comment.

In 2022, the commission fined Google and Meta 100 billion won (RM314.85 million or US$72 million) for tracking consumers’ online behavior without their consent and using their data for targeted advertising, in the largest sanctions ever imposed in South Korea for privacy. violations of the law.

The commission said then that the two companies did not clearly inform users and did not obtain their consent to collect data about them because they used other websites or services outside their own platforms. It ordered companies to provide an “easy and clear” consent process to give people more control over whether to share information about what they do online.

The commission also hit Meta with a 6.7 billion won (RM21.09 million or US$4.8 million) fine in 2020 for providing personal information about itsx users to third parties without consent. – AP