The Korea Herald

지나쌤

[Editorial] Flawed business practice

Platforms including Google, Meta should rethink the way they abuse user privacy data to make profits

By Korea Herald

Published : Sept. 20, 2022 - 05:30

    • Link copied

The South Korean government on Wednesday slapped a combined fine of 100 billion won ($72 million) on Alphabet’s Google and Meta Platforms for privacy violations, touching off a dispute about their business practices.

The Personal Information Protection Commission fined Google 69.2 billion won and Meta 30.8 billion won for failing to clearly inform users and get their consent before collecting behavioral data that they used to generate customized ads.

The privacy panel said Google has not clearly notified users of its collection and usage of users’ information for at least six years since 2016 by setting the default option as users agreeing to offering their data. Meta has used its users’ behavioral information from other firms to produce customized ads since July 2018, without obtaining consent from users, the PIPC said.

The corrective order was the country’s first-ever government action against the way platform service providers gather users’ behavioral data to customize digital ads.

There has long been a dispute over the abuse of privacy data as both global and local platforms rely heavily on collecting massive amounts of user data to customize online ads -- the key source of income for platforms dominating the rapidly growing digital economy.

But the controversy is unlikely to fade away. The two global platform giants claimed they complied with the law and did not agree with the decision by the Personal Information Protection Commission. Meta, in particular, hinted at launching a legal fight to reverse the penalty.

On Thursday, the main opposition Democratic Party of Korea and the minor progressive Justice Party are scheduled to hold a public forum with major civic organizations to discuss the unauthorized collection of personal data and issues on customized digital ads.

The stakes are high for every party involved. Individual users routinely offer their personal information and behavioral data to platforms and marketing companies in order to use popular digital services such as YouTube and Facebook. How their private data are used or resold for corporate profit is rarely made public, raising concerns about flimsy privacy protection. This is a crucial issue that should be further scrutinized by state agencies, civic groups and user communities.

Meanwhile, platform operators and online marketing firms find it hard to resist temptation to collect as much personal information as possible as customized ads based on detailed behavioral data of users can bring enormous profits.

In a joint statement Wednesday, a group of Korean civic groups welcomed the privacy panel’s move, saying that it is meaningful to take action against years of illegal private data collection by Big Tech and the authority should conduct follow-up investigations on other areas to crack down on privacy violations.

Another hot-button issue that Google and Meta should clarify is the allegation that they are applying different privacy default settings in a way that treats Korean users unfairly compared with European counterparts. For instance, Google allows users in Europe to directly select privacy options in stages including the collection of behavioral data, customized ads and privacy protection.

Meta recently suffered a strong backlash in Korea for its contentious plan to restrict services unless users agree with providing their data. Following an uproar, Meta withdrew the plan, which is now being investigated by the PIPC.

Global platforms led by Google and Meta are being challenged for their abusive practices elsewhere. In June 2020, Germany’s top court ruled that Meta had abused its dominance in social media for illegally gathering data about its users. In January this year, France’s data privacy watchdog slapped Google with fines of 150 million euros and Meta with 60 million euros for making it difficult for users to reuse online trackers, also known as cookies.

Given that the importance of privacy protection cannot be emphasized too much in the digital era, both global and local platform providers should fix any flawed policy or abusive default settings aimed at harvesting massive user data to seek only profits without considering privacy protection.