"Very Disappointing Result from Personal Information Committee
Member Serial Number and Temporary ID
Do Not Contain Any Personal Information"
The Personal Information Protection Commission imposed a fine of 15.1 billion KRW for personal information leakage, and Kakao has responded by refuting each point and stated that it is considering active measures including administrative litigation.
Kakao explained on the 23rd, "We actively explained to the Personal Information Protection Commission, but we are very disappointed with this outcome," and added, "We plan to actively consider various measures and responses, including administrative litigation, regarding this decision."
Kakao provided an explanation regarding the Personal Information Protection Commission's criticism that Kakao violated safety obligations by not encrypting temporary IDs of open chat room members. Kakao stated, "The member serial number and temporary ID are essential information for providing all online and mobile services, including messenger," and added, "These are numeric strings that do not contain any personal information and cannot be used to identify individuals."
They also said, "Service serial numbers generated by the business operator are not subject to encryption under relevant laws, so not encrypting them cannot be considered a violation of the law."
Furthermore, Kakao announced its position regarding the encryption of temporary IDs since August 2020. Kakao said, "Although temporary IDs cannot be considered personal information, we have operated and managed temporary IDs in an obfuscated manner since the launch of the open chat service," and added, "In addition, for open chat rooms created after August 2020, we applied stronger encryption to enhance security."
Regarding hackers combining member serial numbers with other information for sale, Kakao emphasized, "The other information combined and used by the hackers was not leaked from our company," and stated, "This was collected illegally by the hackers themselves, so it should not be considered when judging our company's illegality."
Regarding the Personal Information Protection Commission's announcement that Kakao violated the Personal Information Protection Act by failing to report the leakage and notify users despite recognizing the leakage of open chat room users' personal information in March last year, Kakao said, "Although we judged that this case was difficult to consider a violation of the Personal Information Protection Act, we immediately filed a proactive report to the police upon recognizing the situation last year," and added, "We also reported it to the Korea Internet & Security Agency (KISA) and the Ministry of Science and ICT."
Kakao also said, "We have actively cooperated with the police investigation and provided explanations to related agencies," and added, "On March 13 last year, we posted a service notice on KakaoTalk's announcements to alert all users."
Earlier, the Personal Information Protection Commission decided to hold Kakao responsible for the KakaoTalk open chat room personal information leakage incident and imposed a fine of 15.1 billion KRW, the largest ever on a domestic company, along with a penalty of 7.8 million KRW. They also ordered Kakao to notify users of the leakage and decided to publish the disciplinary results on the Personal Information Protection Commission's website.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
