top of page

S. Korea’s Landmark Levy: PIPC Fined Google and Meta for Privacy Violations 

Updated: May 12, 2023

S. Korea’s Landmark Levy: PIPC Fined Google and Meta for Privacy Violations 

The South Korean government has fined Google and META for collecting users' data without their consent. The two companies were fined by the Personal Information Protection Commission (PIPC), which regulates the use of personal information in South Korea. This is a landmark levy that would send chills through any other business that deals in personal data.

Disregarding the Need to Seek Consent

The PIPC found that both companies had collected personal information on their users' smartphones without informing them or obtaining their consent before processing it for marketing purposes such as targeted advertising to earn profits.

The Korea PIPC said that Google and Meta were found guilty of violating the Personal Information Protection Act by collecting sensitive personal information.

The Personal Information Protection Commission is a government agency of South Korea established to protect personal information and promote information security.

The commission was created under the Personal Information Protection Act. The commission was originally known as the Committee on Promotion of Information Security.

The commission has jurisdiction over all entities that collect personal information, such as companies, government agencies, and educational institutions.

The commission can issue warnings or fines to companies that violate the Personal Information Protection Act.

It also has authority over private entities that collect personal information, such as banks, hospitals, and internet companies.

Billions of Losses in Fines

The Personal Information Protection Commission (PIPC) has fined Google 69.2 billion won ($50 million) and Meta 30.8 billion won ($22 million). In addition to the fines, both companies must comply with stricter rules regarding handling South Korean users' personal information.

The decision follows an investigation by the commission that began following complaints from consumers who were upset that their data had been harvested without their consent.

As you know, Facebook and Google are the two largest social media companies worldwide. They have over 2 billion users and control over 60% of the global digital advertising market.

But despite their dominance, both companies have had issues with privacy violations that cost them millions of dollars in fines.

Balancing Privacy and Personalization

Customized ads are great, but consumers want brands to respect their data. In the digital era, consumers are becoming increasingly accustomed to having their data collected and analyzed for brands to provide them with more personalized experiences.

However, for this model to be successful and acceptable, companies must obtain informed consent from users regarding how information collected about them will be used.

It's also important that organizations inform users about what types of information they collect and how it is used so that service users can make informed choices about whether they wish to opt-out of certain data collection practices (for example, facial recognition).

Google Spokesperson Disagreed with PIPCs Findings

Google spokesperson disagreed with PIPCs findings, saying they comply with all data privacy regulations in S. Korea.

However, PIPC has already decided to fine Google billions over alleged violations of local user privacy laws and policies on location tracking.

According to Reuters, South Korean officials plan to evaluate whether more penalties are needed if there are other violations by tech companies like Facebook or Twitter.

Meta Said they Disagree with the Commission's Decisions.

Meta said they disagree with the commission's decisions but accepted them and would also work with the government to ensure that their practices align with the law.

The fine consider both the size and duration of the infringement, as well as aggravating circumstances such as its impact on consumers and competition.

Companies Need to Be More Truthful with Their Clients about Their Privacy Practices

If you're a company collecting user data, take note: in the age of increased regulation and user scrutiny, it's important to be more transparent about your privacy practices. That's why we highly recommend that you:

Be transparent about what data you collect from your users and how you use it. The more honest you are about this, the less likely regulators will be to punish you for violating laws on transparency or unfairness with consumers (as Google has been accused of doing).

Be honest about your data security practices. For example, if an issue with one of your apps or websites could expose user information, let people know as soon as possible — don't wait until something goes wrong or someone else finds out first!

If possible, also explain how much damage has already been done so they can better understand how badly they might have been affected if they weren't warned (e.g., "there were unauthorized access attempts made against our system over the past 24 hours").

Be honest about any breach affecting consumer records; even if it wasn't technically illegal (like when Equifax leaked Social Security numbers instead), don't try hiding behind technicalities like "it wasn't espionage."


For companies like Google and META, the privacy policies they have in place should be more transparent and easier to understand. I think Google has made some progress, but there is still room for improvement.

If you are a brand, business, agency, or publisher collecting, storing, or sharing PII (Personally Identifiable Information), then take the first step towards becoming data privacy compliant.

Showing your consumers that you respect their right to privacy and consent with the Adzapier Consent Management Platform. Subscribe to claim Adzapier CMP free for 30 days.

bottom of page