Google, Meta, and Privacy Violations in South Korea

September 14, 2022 | 4 minutes read
Google, Meta, and Privacy Violations in South Korea

On September 14, 2022, it was announced that multinational technology companies Google and Meta were both fined $71.8 million for violating South Korea’s foremost data privacy law, The Personal Information Protection Act of 2011 (PIPA). To this point, the Personal Information Protection Commission (PIPC), the primary privacy watchdog and regulator within South Korea, has confirmed that they ordered Meta and Google to pay $22 million and $50 million respectively for failing to “clearly inform users of the collection and use of other companies’ behavioral information when they signed up for its service and set the default choice to “agree” while covering up further options available via the setting screen, the country’s authorities explained in the press release. Meta was also found to have violated personal information protection rules.”

Under the provisions of South Korea’s PIPA, businesses and organizations that collect and process the personal information of the millions of citizens that reside within the country must do so in accordance with the expressed consent of these citizens, as is the case with many other comprehensive data protection laws that have been passed in recent years. Nevertheless, the sheer scale and reach of many large-scale technology companies such as Google and Meta make violations of personal privacy all but inevitable, as Google and Meta are two of the most prominent brand names in the current online world. In spite of this, however, these two companies have also a troubling history of failing to obtain consent from online users prior to collecting and processing their personal data, irrespective of how popular their businesses may be on a global scale.

Repeated violations of personal privacy

To this last point, Google and Meta specifically have been fined hundreds of millions of dollars in multiple countries and jurisdictions in the past five years alone for failing to protect the data privacy rights of online users. To illustrate this point further, Google was recently fined $42.7 million by the Australian Competition and Consumer Commission (ACCC) for misrepresenting the manner in which the company had been collecting location data from consumers within the country that had been using Google’s host of devices and services, as many of these consumers in question reported that their location data had been collected even after they had selected the “No” or “Do not collect” options when being promoted to do so when using their Google devices.

Conversely, Meta was hit was a series of complaints in California federal courts this past month for allegedly violating the provisions of the Health Insurance Portability and Accountability Act (HIPAA). To this end, while the nature of these numerous complaints was varied, the commonality between them all was the allegation that Meta’s Pixel Too, described by the company as “a piece of code on your website that can help you better understand the effectiveness of your advertising and the actions people take on your site”, had effectively used the Protected Healthcare Information (PHI) of California residents to deliver targeted advertisements to Facebook users, a clear violation of the personal privacy rights of these residents.

Privacy enforcement on an international level

Due in large part to the rise in privacy violations that have occurred in conjunction with the increasing popularity of search engines such as Google and social networking websites such as Facebook, many nations around the world have enacted data protection legislation in an effort to protect the citizens within their communities from having their personal information stolen without their consent. To this end, the tens of millions of dollars that South Korea’s PIPC recently imposed against Google and Meta represents the “largest penalty in South Korea for violating personal information protection laws and the country’s first sanction pertaining to the collection and use of behavioral information on online customized advertising platforms.”

To this end, despite the number of privacy enforcement decisions that have been made against major technology companies as of late, there will surely be many more on the horizon, as new data protection laws continue to be both enacted, amended, and enforced. As a result of this fact, businesses and corporations will have to begin reconsidering the ways in which they collect personal information, as the unregulated nature of the internet that has been in place for the last 20 years is clearly coming to an end. Furthermore, these companies will also have to consider the repercussions and reputational damage that is often associated with failing to safeguard the personal privacy and security of a particular customer base.

While efforts to pass a federal comprehensive data protection law in the U.S. have been fraught with inconsistencies and conflicting interpretations, many states around the U.S. have taken heed to what other nations around the world have been doing as it concerns personal privacy protection. From California to Virginia to Colorado, several states have taken steps to assure their residents that they will have the legal means to prevent businesses from using their personal information to generate revenue without their consent. As such, Meta, Google, and others will have no choice but to take notice of the manner in which privacy legislation is changing over the next few years.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »