South Korea’s Personal Information Protection Commission (PIPC) has fined AliExpress for what it considered significant data protection breaches. The penalty, totalling 1.978 billion KRW (approximately £1.13 million) plus an administrative fine of 7.8 million KRW (£4,460), marks the first enforcement action by the PIPC for infringements in international data transfers.
The regulator particularly highlighted critical failures in the company’s data handling practices, including:
- AliExpress did not provide adequate transparency about where users’ personal data was being transferred;
- The company failed to include necessary privacy safeguards in its terms and conditions;
- The platform complicated users’ ability to exercise their rights by making it difficult to find options to unregister or delete accounts, with crucial pages only available in English rather than Korean.
AliExpress isn’t the only platform to fall foul of international data transfer rules. In 2023, Line, the Japanese messaging service, restricted its Chinese affiliates and contractors from accessing Japanese user data after concerns over data management practices. The decision came after the platform was forced to disclose a data breach in 2023 in which 440,000 pieces of personal data were leaked, and amid general concern about growing risks tied to third-party user access, especially in China. At the time, the government recommended policy changes to support compliance with Japanese privacy laws, such as notifying users when sending personal data overseas.
Both cases highlight the fundamental necessity of implementing robust cross-border data transfer processes and being clear on the regulations of the jurisdiction in which data is processed. As a global Data Protection Officer services provider, HewardMills works with its clients to ensure cross-border data transfer processes are followed to avoid penalties.