Google, Meta, and Privacy Violations in South Korea
On September 14, 2022, it was announced that multinational technology companies Google and Meta were both fined $71.8 million for violating South Korea’s foremost data privacy law, the Personal Information Protection Act of 2011 (PIPA). To this point, the Personal Information Protection Commission (PIPC), the primary privacy watchdog and regulator within South Korea, has confirmed that it ordered Meta and Google to pay $22 million and $50 million respectively for failing to “clearly inform users of the collection and use of other companies’ behavioral information when they signed up for its service and set the default choice to ‘agree’ while covering up further options available via the setting screen, the country’s authorities explained in the press release. Meta was also found to have violated personal information protection rules.”
Under the provisions of South Korea’s PIPA, businesses and organizations that collect and process the personal information of the millions of citizens that reside within the country must do so in accordance with the expressed consent of these citizens, as is the case with many other comprehensive data protection laws that have been passed in recent years. Nevertheless, the sheer scale and reach of many large-scale technology companies such as Google and Meta make violations of personal privacy all but inevitable, as Google and Meta are two of the most prominent brand names in the current online world. In spite of this, however, these two companies also have a troubling history of failing to obtain consent from online users prior to collecting and processing their personal data, irrespective of how popular their businesses may be on a global scale.
Repeated violations of personal privacy
To this last point, Google and Meta specifically have been fined hundreds of millions of dollars in multiple countries and jurisdictions in the past five years alone for failing to protect the data privacy rights of online users. To illustrate this point further, Google was recently fined $42.7 million by the Australian Competition and Consumer Commission (ACCC) for misrepresenting the manner in which the company had been collecting location data from consumers within the country who had been using Google’s host of devices and services, as many of these consumers in question reported that their location data had been collected even after they had selected the “No” or “Do not collect” options when being prompted to do so when using their Google devices.
Conversely, Meta was hit with a series of complaints in California federal courts this past month for allegedly violating the provisions of the Health Insurance Portability and Accountability Act (HIPAA). To this end, while the nature of these numerous complaints was varied, the commonality between them all was the allegation that Meta’s Pixel tool, described by the company as “a piece of code on your website that can help you better understand the effectiveness of your advertising and the actions people take on your site”, had effectively used the Protected Healthcare Information (PHI) of California residents to deliver targeted advertisements to Facebook users, a clear violation of the personal privacy rights of these residents.
Privacy enforcement on an international level
Due in large part to the rise in privacy violations that have occurred in conjunction with the increasing popularity of search engines such as Google and social networking websites such as Facebook, many nations around the world have enacted data protection legislation in an effort to protect the citizens within their communities from having their personal information stolen without their consent. To this end, the tens of millions of dollars that South Korea’s PIPC recently imposed against Google and Meta represents the “largest penalty in South Korea for violating personal information protection laws and the country’s first sanction pertaining to the collection and use of behavioral information on online customized advertising platforms.”
To this end, despite the number of privacy enforcement decisions that have been made against major technology companies as of late, there will surely be many more on the horizon, as new data protection laws continue to be enacted, amended, and enforced. As a result of this fact, businesses and corporations will have to begin reconsidering the ways in which they collect personal information, as the unregulated nature of the internet that has been in place for the last 20 years is clearly coming to an end. Furthermore, these companies will also have to consider the repercussions and reputational damage that are often associated with failing to safeguard the personal privacy and security of a particular customer base.
While efforts to pass a federal comprehensive data protection law in the U.S. have been fraught with inconsistencies and conflicting interpretations, many states around the U.S. have taken heed of what other nations around the world have been doing as it concerns personal privacy protection. From California to Virginia to Colorado, several states have taken steps to assure their residents that they will have the legal means to prevent businesses from using their personal information to generate revenue without their consent. As such, Meta, Google, and others will have no choice but to take notice of the manner in which privacy legislation is changing over the next few years.