South Korea has been known for making huge strides in technological advancements. With companies like Hyundai, LG, and Samsung being the flag bearers, it has pioneered many tech and business solutions for the masses globally. However, one thing that not many people know about South Korea is that it takes its country’s data privacy and compliance seriously. A year ago, the South Korean telecommunication watchdog, Korea Communications Commission (KCC), found TikTok guilty of mishandling child data and thus had fined the company for 186 million won (approximately $155,000). Keeping a stern stance towards data compliance, South Korea’s Personal Information Protection Commission (PIPC) has now reportedly fined Microsoft and five other local companies on multiple counts of failing the country’s data protection laws.
The PIPC Imposes Fines
The fines imposed cumulatively total $75,000, of which Microsoft will pay 16.4 million won (approximately $14,700). Microsoft has been penalized on the pretext of failing to put in place appropriate protective measures on administrative accounts that eventually leaked over 119,000 email accounts, of which 144 belonged to South Korean citizens. This, however, was not the only count for the hefty penalty. Microsoft apparently announced the leaks within 24 hours of the incident as per the PIPC’s data laws – but in English. It took 11 more days to publish the data leak in the Korean language, which the PPIC said is mandatory for all Korean users.
The others in the list included a blockchain subsidiary Ground X and a known software company, Innovation Academy. Both companies were handed 25 million won ($22,400) each in fines for general privacy shortcomings. But, like Microsoft, both the companies were additionally charged on one count each. As per PIPC’s investigation, Ground X was found to have not protected their passwords efficiently and Innovation Academy was found guilty of a data leak that resulted in an extra six million won (approximately $5,400) and three million won ($2,700) fine respectively.
Besides, the World Math Fusion Olympiad Korea, the Korean Mountain Bike Federation, and the Korea Professional Football League were all slapped with a three million won ($2,700) fine for “data mismanagement.” In addition to the monetary fine, the football league was also asked to take corrective actions to fix the issues at the earliest.
Since the PIPC is an independent body established under the Personal Information Protection Act (PIPA), privacy rights and protection of personal data are a matter of utmost concern in the country. Hence, organizations in both the private and public sectors are required to comply with PIPA’s compliance and regulations.
Furthermore, South Korea’s Fait Trade Commission is also reportedly said to set up an investigation team to determine anti-competitive behavior and the amount of data collected by big tech.