SEOUL, South Korea (AP) — South Korean privacy watchdog fined Tuesday social media company Meta 21.6 billion won ($15 million) for illegally collecting sensitive personal information from Facebook users, including data about their political opinions and sexual orientation, and sharing it with thousands of advertisers.

It is the latest in a series of sanctions handed down against Meta by South Korean authorities in recent years, as they step up their oversight of how the company, which also owns Instagram and WhatsApp, handles private information.

Following a four-year investigation, South Korea’s Personal Information Protection Commission concluded that Meta illegally collected sensitive information about around 980,000 Facebook users, including their religion, political views and affiliation. or not to same-sex unions, from July 2018 to March 2022.

The company said the company shares the data with about 4,000 advertisers.

South Korea’s privacy law provides strict protection for information related to personal beliefs, political opinions and sexual behavior, and prohibits companies from processing or using such data without the specific consent of the individual concerned.

The commission said Meta collected sensitive information by analyzing which pages Facebook users liked or which ads they clicked on.

The company categorized the ads to identify users interested in topics such as specific religions, gay and transgender issues, as well as issues related to North Korean escapees, said Lee Eun Jung, director of the commission that led the investigation into Meta.

“Although Meta collected this sensitive information and used it for individualized services, they only made vague mentions of this use in their data policy and did not obtain specific consent,” Lee said.

Lee also said Meta put Facebook users’ privacy at risk by failing to implement basic security measures such as deleting or blocking inactive pages. As a result, hackers were able to use inactive pages to forge identities and request passwords for other Facebook users’ accounts to be reset. Meta approved these requests without proper verification, leading to data breaches affecting at least 10 South Korean Facebook users, Lee said.

In September, European regulators hit Meta with more than $100 million in fines for a 2019 security breach in which users’ passwords were temporarily exposed in an unencrypted form.

Meta’s South Korean office said it would “carefully review” the commission’s decision, but did not immediately provide further comment.

In 2022, the commission fined Google and Meta total 100 billion won ($72 million) for tracking consumers’ online behavior without their consent and using their data for targeted advertisements, representing the heaviest penalties ever imposed in South Korea for violating the privacy law.

The commission then said the two companies failed to clearly inform users or obtain their consent to collect data about them when they used other websites or services outside of their own platforms. He ordered companies to provide a “simple and clear” consent process to give people more control over whether they share information about what they do online.

The commission also fined Meta 6.7 billion won ($4.8 million) in 2020 for providing personal information about its users to third parties without consent.

Copyright 2024 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.