Meta has been fined 21.62 billion won ($15.67 million) by South Korea's data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent.
The country's Personal Information Protection Commission (PIPC) said Meta gathered information such as religious affiliations, political views, and same-sex marital status of about 980,000 domestic Facebook users and shared it with 4,000 advertisers.
"Specifically, it was found that behavioral information, such as the pages that users 'liked' on Facebook and the ads they clicked on, was analyzed to create and operate advertising topics related to sensitive information," the PIPC said in a press statement.
These topics categorized users as following a certain religion, identifying them as a gay or transgender person, or being a defector from North Korea, it added.
The agency accused Meta of processing such sensitive information without a proper legal basis, and that it did not seek users' consent before doing so.
It also called out the tech giant for failing to enact safety measures to secure inactive accounts, thereby allowing malicious actors to request password resets for those accounts by submitting fake identification information. Meta approved such requests without sufficient verification of the fake IDs, resulting in the leak of the personal information of 10 South Korean users.
"Going forward, the Personal Information Protection Commission will continue to monitor whether Meta is complying with its corrective order, and will do its best to protect the personal information of our citizens by applying the protection law without discrimination to global companies that provide services to domestic users," the regulator said.
Meta, in a statement shared with Associated Press, said it will "carefully review" the commission's decision.