Facebook (FB), Google, and Netflix have all reportedly been slammed with reprimands or fines from South Korea, along with orders for corrective action by the country’s data protection watchdog, as per a report by The A Register.
The Personal Infromation Protection Commission (PIPC) of South Korea reportedly carried out a privacy audit last year, revealing how the three tech firms, had apparently violated the nation’s laws last year, and had also set up an insufficient privacy protection.
Stealing Facial Data
Among the three companies, social media giant Facebook has been fined the largest amount, which stands at some 6.46 billion won ($5.5 million), after it was found to have been “creating and storing facial recognition templates” for as many as 200,000 local users, and that too, without proper consent, for a period of over a year, between April 2018 and September 2019. Additionally, another penalty of 26 million won ($22,000) has been issued, on grounds of illegal collection of social security numbers, and non-issuance of notifications about changes in personal information management, among other problematic moves.
The Mark Zuckerburg-led firm has been directed to either get rid of all facial data that it has collected without consent, or get the required consent from users. It has also been barred from processing identity numbers without a legal basis, and destroy the collected data, and disclose any contents pertaining to foreign migration of users’ personal data. Another order is to make it easier for users to check legal notices about personal information. This has become the second largest fine that has ever been issued by the agency, missing out on the 6.7 billion won ($5.7 million) that Social Network was slammed with last year.
Netflix, meanwhile, has been met with rather a small fine of just $220 million won ($188,000), on grounds of collection of data from some five million people without their consent. Another fine of 3.2 million won ($2,700) has been charges for not providing information about international transfer of data.
Just A Recommendation
If that seems easy, though, Google’s penalty will look like a total breeze, since it has just received a “recommendation” to improve its processes for handling personal data, while also making its legal notices more precise. That’s it. No fines, and no direct orders.
At the same time though, the PPIC says that it is not yet done investigating the methods adopted by such companies while collecting personal data, and adds that it will continue to review the same legally.