Following a $6.1 million fine, Facebook now face criminal prosecution in South Korea.
Facebook have been held accountable by a South Korean agency for providing personal information of its users to other website operators without the user’s consent. Facebook Ireland Ltd are now facing a criminal prosecution as they were in charge of the South Korean Facebook operations of its users. 3.3 million of the 18 million Facebook users in the country had their information shared without their consent.
The South Korean Agency have a duty to protect personal information online, and to be on the look out when there has been a data breach of private information such as in this case. During the investigation it was found that personal data had been swimming between Facebook and other website operators for over 6 years between 2012 to 2018.
This matter did not come to anybody’s attention until August 2020 when Korea’s Personal Information Protection Commission was launched, and it initiated a thorough investigation on the worldwide tech giant that is Facebook.
It is almost as though these 3.3 million Facebook users over this duration had been double blindsided when logging into third-party services. This is because it was not only their personal data, which was being transmitted to other online operators, but it was also personal information of the user’s Facebook friends that was also provided. This instance only goes to show that it only takes a few clicks on the keyboard, and a few swipes on the computer mouse, before you have successfully handed over your personal information without even realising when the online user protection is not sufficient. The transmission of personal user data on Facebook should not have happened in this matter in Korea, and Facebook upon receiving the fine are currently in the process of reviewing the decision.
In this matter Facebook were found to have shared user information which included its user’s names, addresses, date of birth, work experience and relationship statuses. It was found that this information could have been shared to up to 10,000 other online companies which is highly concerning as these companies remain ambiguous to the Facebook users. The South Korean watchdog (Reuters) have said it won’t be possible to say exactly how much data was shared unless Facebook handed over the relevant documents to reveal this. The seriousness of the data breach could mean that the director of Facebook Ireland who is responsible for user privacy could face five years in prison, if not a hefty fine of over 50 million won for the violation of South Korea’s law for user privacy online.
In a statement a spokeswoman of Facebook have said that they are “cooperating as much as possible throughout the investigation process, we regret that the Personal Information Protection Commission has sought a criminal investigation.” This example in South Korea, and the severity of the penalty held against Facebook, clearly emphasises the seriousness of needing to protect a user’s information which they did not consent to being shared in the first place. Perhaps it would be a different story if users were Naïve and clicked cluelessly when trying to engage with third-party platforms through Facebook, yet in this case the users were not even offered this opportunity to consent.