Naver, Kakao, Meta and Others Complete Improvements... Personal Information Protection Commission Says "95% of Corrective Measures Implemented"

원본보기 아이콘

The Personal Information Protection Commission announced on December 11, 2025, that out of 108 corrective orders, recommendations, and public disclosure orders with implementation deadlines in the first half of this year, 103 cases (approximately 95.3%) have already been fulfilled or have submitted implementation plans.

This inspection also included the case of Meta, which was found in November last year to have collected and generated sensitive information such as religious and political inclinations and sexual orientation without user consent, using it for targeted advertising. At the time, the commission imposed a fine of 21.6 billion won and a corrective order on Meta, which subsequently completed the required actions by removing the sensitive information-based targeted advertising option.

The 12 non-life insurance companies that were sanctioned in December last year for violating procedures related to consent for personal information processing also implemented the required improvements. They eliminated pop-ups that repeatedly requested consent from users who had not agreed on the premium calculation screen, and modified their systems to automatically delete related personal information if premium calculation was halted or if a contract was not concluded.

Chonbuk National University, which was sanctioned in June for violating security safeguard obligations, completed simulated hacking and vulnerability checks and remediation for its information systems, as well as the establishment of a security monitoring platform, thereby improving its security level. Ewha Womans University also strengthened authentication procedures for its academic administration system and introduced a 24-hour remote monitoring system, making comprehensive improvements to its overall security system.

원본보기 아이콘

All improvement recommendations issued based on the preliminary inspection of cloud service providers have also been implemented. Amazon Web Services, Microsoft Azure, and Naver Cloud prepared guidelines that include service configuration items and separate solution subscription information.

Modetour, which was sanctioned in March this year, added "destruction" to its regular ERP (Enterprise Resource Planning) inspection items and modified its system to ensure that personal information is automatically deleted.

The five operators of social login services have also implemented all recommended improvements. The commission explained that each operator has clearly provided instructions in developer documentation on how to unlink and delete personal information when users withdraw from social accounts, ensuring timely deletion of linked data.

The commission plans to further verify the implementation of corrective measures for three respondents still under inspection and will encourage compliance if necessary. In addition, it will pursue institutional improvements to enhance the effectiveness of corrective orders, such as further categorizing the types of orders and strengthening the inspection process.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.