South Korea is one of the few countries that takes the safety of its people’s data online seriously. Back in 2011, they had launched investigations into Apple and Google over allegations of possible user location tracking. Currently, and after a series of revelations of how Facebook handles the data of its users, the Korea Communications Commission (KCC) has decided that its time to investigate the social’s servers in California.
The preliminary investigation planning reports a risk of user data exposure or unlicensed sharing that concerns up to 121000 Korean accounts. KCC has analyzed all the information that emerged from the Cambridge Analytica scandal back in March and has already informed 86000 Koreans that their data have been inappropriately accessed. On the second phase in September, Facebook suffered yet another data breach that leaked the data of another 35000 Korean accounts.
While these leaks do not directly violate any laws, Facebook’s practices and privacy protection mechanisms may very well violate relevant local or national laws. KCC hopes that by inspecting Facebook’s server records, they will be in a position to deduce whether the methodologies and practices followed are violating data protection laws or not.
Facebook has already been proven to share personal data of accounts with other companies without the users’ consent, but KCC will have to prove that the social media giant was systematically doing so based on a specific operational context. KCC must correlate these practices with Korean laws, and prove the points of discordance against the country’s Personal Information Protection Act.
If this probe yields successful results on that part, Korea will charge Facebook with criminal charges. While the U.S. does not have an active data privacy law, Korea does have a strict policy and requires Facebook (and all other online entities that hold Korean user data) to notify users of how exactly their sensitive data is used and managed at least once a year. Moreover, KCC expects Facebook to maintain a separate database to hold the data of inactive accounts, while nothing should be shared without asking for the user’s permission first. The upcoming probe which is planned for the start of next year will shed light to the above, possibly revealing even more examples of Facebook’s “bulk handling” of user data.
Do you trust Facebook’s data management and privacy protection? Let us know in the comments below, and also like and subscribe on our socials on Twitter and Facebook.