The South Korean government recently stated that it had fined Google and Facebook’s parent company Meta $71.8 million (100 billion KRW) for breaking the country’s privacy laws.
Why was the fine levied?
The South Korean authorities claimed that Google and Meta did not receive valid authorization for collecting their user’s data, which they then utilized for personalized advertisements based on their frequently visited websites, online purchases, search history, and similar internet activities.
According to the press release from the nation’s authorities, Google did not provide users with a clear explanation of the collection and use of users’ behavioral data when they signed up for its service and set the default choice to ‘agree’ while hiding other options available via the setting screen.
A representative for the Personal Information Protection Commission (PIPC) stated that Meta did not acquire its user’s authorization when collecting and using their behavior data for tailored adverts when users joined up and failed to disclose other information that customers were legally entitled to know. The Commission also noted that Meta’s data policy was written in a way that was difficult for consumers to comprehend and lacked the necessary specifics that are to be made available to the consumer by law. In doing so, the two tech giants violated the country’s Personal Information Protection Act.
The PIPC fined Google 69.2 billion KRW ($50 million) and Meta 30.8 billion KRW ($22 million) and ordered the businesses to stop the infringement of their user’s personal data and employ more transparency in their policies in the future.
Implications of the fine
According to the PIPC, the fine on Google and Meta is the highest ever imposed by South Korea for violating privacy regulations, and it is also the first result of an inquiry into the gathering and use of behavioral data by online advertising platforms. It is worth noting that South Korea’s penalty comes at a time when several international agencies, including those in the EU and India, are also investigating Google and Meta’s privacy policies. The EU recently ruled against Google’s parent company, Alphabet, for allegedly violating the Antitrust law. The Antitrust law was passed to ensure that there is fair competition in the market at all times, which Google violated by monopolizing the Android smartphone and application market.
In a similar vein, the Apple App Store and Google Play Store are also under investigation by South Korea’s telecom regulator for allegedly breaking the nation’s new smartphone app store rules, which call for Apple and Google to permit developers to use third-party payment alternatives instead of adhering to the default options.
Google and Meta’s previous privacy concerns
However, this is not the first time that Google has toed the line when it comes to respecting their user’s personal data, with the French privacy regulator CNIL penalizing Google for 50 million euros back in 2019. The French authorities alleged that the corporation had violated the EU’s General Data Protection Regulation (GDPR) data protection regulations by gathering data without clearly disclosing its intentions with it. According to the CNIL, it levied the punishment on the tech giant due to a “lack of openness, poor information, lack of valid permission for advertisements personalization,” and stated that the “users’ consent is not appropriately acquired” through their use of the various apps under the Google umbrella.
Google and Facebook ran into trouble with the CNIL once again in January of this year, when they were fined €150 million and €60 million, respectively, for making declining tracking cookies more complex than it was to accept them. This inadvertently resulted in their user base underestimating the importance of their cookies and accepting to track them simply because it was the easier option. Accepting cookies meant that the companies were able to store data related to the customer’s preferences and use them to create targeted advertisements or direct their searches in the future.
The Italian and Austrian data protection authorities also followed suit, issuing a warning to all websites using Google Analytics. The authorities issued warnings to the websites using the service without established security measures. This went against EU data protection laws due to the collected data being sent to the US for processing, which is where Google and Meta are both headquartered.
The German Federal Cartel Office also recently put a restriction on Meta’s data collection on users from third-party websites without their consent. At the same time, WhatsApp, which is controlled by Facebook, was fined $267 million for violating the GDPR’s transparency principle last year. However, the case still remains open, with Meta challenging the fines.
Google and Meta’s response to the fines
Both Google and Meta released statements after being fined for misappropriating their user’s data. Google released a statement saying, “We disagree with the PIPC’s findings and will be reviewing the full written decision once it’s shared with us. We’ve always demonstrated our commitment to making ongoing updates that give users control and transparency while providing the most helpful products possible. We remain committed to engaging with the PIPC to protect the privacy of South Korean users.”
Following suit, Meta also responded to the matter, with their spokesperson stating, “While we respect the PIPC’s decision, we are confident that we work with our clients in a legally compliant way that meets the processes required by local regulations. As such, we don’t agree with the Commission’s decision and will be open to all options, including seeking a ruling from the court.”
Conclusion
The recent penalties on Meta and Google are reported to be South Korea’s largest ever fines levied on tech corporations for breaking their privacy laws and regulations. In addition to paying the hefty fines, Google and Meta are now required by the privacy commission to provide consumers with a clear explanation of intent before collecting and using their personal data to avoid exploiting them. Though the two companies do not seem to be happy with the ruling and may seek a legal ruling to reverse the penalties, the move taken by South Korea was applauded as a positive step toward giving back users their privacy in a world ruled by the internet.