Meta Platforms, Inc., the parent company of Facebook, has been fined 21.62 billion won ($15.67 million) by South Korea’s Personal Information Protection Commission (PIPC) for improperly using sensitive user data.
The penalty was imposed following an investigation that found Meta had gathered sensitive user information without proper legal permission and then shared it with advertisers.
According to the PIPC, Meta gathered personal information, including religious beliefs, political opinions, and sexual orientation, from about 980,000 Facebook users in South Korea without getting the necessary consent.
“The company’s actions broke the Personal Information Protection Act and violated the privacy rights of South Korean citizens,” said a PIPC spokesperson.
The investigation discovered that Meta looked at what users did on Facebook, like which pages they liked and which ads they clicked on, to create ads based on their personal information. This included labelling users as North Korean defectors, members of certain religious groups, or people who identify as transgender or gay.
The commission also pointed out that Meta did not give users access to their own data when they asked for it and failed to stop a data breach that let hackers see the information of about 10 South Korean users.
This situation is part of a larger global concern about tech companies not protecting people’s data privacy. Recently, the Irish Data Protection Commission fined LinkedIn €310 million for not following the General Data Protection Regulation (GDPR) when handling user data for analysis and targeted ads.