Meta faces a $15.67 million fine from South Korea for unlawfully providing advertisers with sensitive user data.

South Korea’s data privacy authority has fined Meta 21.62 billion won ($15.67 million) for unlawfully gathering private information from Facebook users, including information on their sexual orientation and political beliefs, and distributing it to advertisers without their permission. According to the nation's Personal Information Protection Commission (PIPC), about 980,000 domestic Facebook users' political opinions, religious affiliations, and same-sex marriage status were among the data that Meta collected and shared with 4,000 advertisers.

Meta faces a $15.67 million fine from South Korea for unlawfully providing advertisers with sensitive user data.

South Korea’s data privacy authority has fined Meta 21.62 billion won ($15.67 million) for unlawfully gathering private information from Facebook users, including information on their sexual orientation and political beliefs, and distributing it to advertisers without their permission. According to the nation's Personal Information Protection Commission (PIPC), about 980,000 domestic Facebook users' political opinions, religious affiliations, and same-sex marriage status were among the data that Meta collected and shared with 4,000 advertisers.

"Specifically, it was found that behavioral information, such as the pages that users 'liked' on Facebook and the ads they clicked on, was analyzed to create and operate advertising topics related to sensitive information," the PIPC said in a press release. It further added that these themes classified individuals as being gay or transgender, deviating from North Korea, or belonging to a certain faith.

The agency charged Meta with processing such sensitive data without a valid legal basis and without first obtaining users' consent. Additionally, it criticized the tech giant for not implementing security measures to protect dormant accounts, which allowed criminal actors to obtain password resets for such accounts by presenting fictitious identification documents. Ten South Korean users' personal information was compromised when Meta granted such requests without verifying the phony IDs adequately.