Seoul, South Korea - The Supreme Court of South Korea has ruled that a fine of 6.7 billion won (approximately $5 million USD) imposed on Meta Platforms Inc. by the Personal Information Protection Commission (PIPC) for unauthorized data sharing is lawful. The decision marks the end of a protracted legal battle, affirming the PIPC's authority to penalize companies for violating user privacy.
The ruling, delivered by the Supreme Court's First Division under Justice Noh Kyung-pil, dismissed Meta's appeal against the PIPC's fine and corrective orders. The case stemmed from allegations that Meta, then operating as Facebook, had provided user data to third-party services without explicit consent between May 2012 and June 2018.
Key Points of the Case:
Unauthorized Data Transfer:The PIPC's investigation revealed that when users logged into third-party services via Facebook, their personal information, along with that of their Facebook friends, was shared with those services.
This data included sensitive details such as educational background, work history, location, family and relationship status, and interests.
It is estimated that the personal information of at least 3.3 million out of 18 million South Korean Facebook users was shared without their consent.
Meta's Defense:Meta argued that the data transfer occurred through users' voluntary choices and that Facebook did not actively induce this sharing.
The company also claimed that the fine was excessive.
Court's Decision:The Supreme Court upheld the lower courts' rulings, stating that even if the shared information was already publicly available on users' profiles, Facebook's provision of this data to third-party apps without friends' consent constituted a violation of their right to control their personal information.
The court found no errors in the lower court’s judgement.
PIPC's Response:The PIPC has announced that it will resume enforcing the corrective orders against Meta and will monitor the company's compliance.
Implications:
This ruling sends a strong message to tech companies operating in South Korea that user privacy must be protected. It reinforces the authority of the PIPC to take decisive action against companies that violate data protection laws. This case highlights the growing importance of data privacy in the digital age and the need for companies to obtain explicit consent from users before sharing their personal information.
[Copyright (c) Global Economic Times. All Rights Reserved.]
