South Korea’s Personal Information Protection Commission has taken a strong stance against global tech giants OpenAI and Meta, highlighting the growing significance of data privacy worldwide. 

In response to a data breach resulting in 687 South Koren users having their personal information exposed, South Korea’s Personal Information Protection Commision (PIPC) successfully fined OpenAI KRW 3.6 million (approximately USD 2,880). The PIPC’s decision to fine OpenAI stemmed from the company’s failure to report the data leakage to their authorities within the mandated 24 hours window of its discovery. To avoid similar incidents in the future, the PIPC has recommended OpenAI to take proactive, preventive data protection measures. These recommendations aim to bolster the company’s ability to adhere to personal data protection laws and collaborate closely with the commission to ensure adherence for future inspections. 

Meta, the parent company of social media platforms Facebook and Instagram, has also found itself in the crosshairs of the PIPC. The commission fined Meta based on its apparent practice of disadvantaging customers who refused to provide certain personal information. Some South Korean users were blocked from accessing platforms due to their reluctance to share personal data. The PIPC contended that the information Meta sought from these users exceeded the minimum data required to offer the services, constituting in a breach of privacy rights. 

The fines imposed by South Korea’s PIPC on OpenAI and Meta serve as a reminder that companies must proactively work to prevent such incidents while respecting user privacy as the digital landscape evolves. 

As a B Corp Data Protection Office, HewardMills is dedicated to assisting clients to address internal data privacy concerns and business practices.  Our team of data experts can help organisations gain a greater understanding emerging issues, such as the power of AI and the challenges it poses to data privacy . 

If you would like to discuss this topic or anything else data protection and privacy-related, please contact us at