Following comprehensive investigations, the South Korean privacy regulator, the Personal Information Protection Commission (PIPC), has fined Facebook and Netflix for infringing several provisions of the Korean Personal Information Protection Act (PIPA).
The PIPC fined Facebook about US $5.6 million for six violations of the PIPA, the key one being the collection of facial recognition data without the users’ consent. For over a year, Facebook collected the information and used it to identify and display the names of individuals in photographs uploaded to its platform. The PIPC’s investigation also identified that Facebook unlawfully collected social security numbers, failed to notify users when it changed entity responsible for managing the personal data, neglected to disclose information when transferring personal data to third parties or overseas, and failed to submit reference materials when requested by the PIPC.
Netflix was fined US $190,000 for unlawfully collecting personal data from prospective users before the completion of the subscription process, and transferring this information outside South Korea without proper notice to data subjects.
Google was also investigated by PIPC but was not found to violate the PIPA. However, it received “recommendations for improvement” regarding its collection and processing practices surrounding information regarding payments, occupation, and level of education.