A South Korean agency on 25 November 2020 fined has Facebook Inc. with 6.7 billion ($6.06 million) and sought a criminal investigation on the charge of providing users’ personal information to other operators without consent.
The Personal Information Protection Commission (PIPC) said that Facebook Inc. shared the data of at least 3.3 million out of its 18 million users in Korea to other companies without their consent between May 2012 to June 2018. The Information shared by Facebook includes user names, academic history, job history, hometown, and relationship statuses.
The PIPC is an independent body established under Article 7 of the Personal Information Protection Act (PIPA) to protect the privacy rights of individuals. The key role of PIPC is to deliberate on and resolve personal data-related policies, coordinate different opinions among other government agencies on the processing of personal data.
"A user agreed to share their information with a particular service when they logged in with their Facebook accounts. However, the user's friends didn't, and they were unaware that their data were also being shared," the commission said.
These third-party apps then used the data provided by Facebook without users' permission to make customised advertisements to display on the social media service. Facebook ultimately made unfair profits by sharing user data without their consent, the PIPC said.
The commission said that it will seek thr country's prosecution for a criminal investigation against Facebook Ireland Ltd.
"We have cooperating as much as possible throughout the investigation process, we regret that the Personal Information Protection Commission has sought a criminal investigation," a Seoul-based Facebook spokeswoman said in a statement.
The probe against the Facebook Inc. started in 2018 by the Korea Communication Commission, the country's telecommunication regulator, in the wake of the Cambridge Analytica scandal. The regulator handed the case to PIPC.
