The Personal Information Protection Commission imposed fines totaling approximately 9.2 billion KRW on major automobile insurance companies that collected customer personal information through deceptive means and used it for marketing purposes.
On the 12th, the Personal Information Protection Commission announced that it had decided to impose fines and corrective orders on 12 automobile insurance companies for violating the Personal Information Protection Act.
The companies subject to the sanctions are Hyundai Marine & Fire Insurance, AXA General Insurance, Hana Insurance, MG Insurance, Lotte Insurance, Samsung Fire & Marine Insurance, DB Insurance, KB Insurance, Meritz Fire & Marine Insurance, Hanwha Insurance, Heungkuk Fire & Marine Insurance, and Carrot Insurance.
Earlier, following reports that automobile insurance companies were excessively requesting customer personal information, raising concerns about infringement of data subjects' rights, the Commission launched an investigation in August of last year.
As a result of the investigation, it was found that four companies?Hyundai Marine, AXA General Insurance, Hana Insurance, and MG Insurance?operated pop-up windows (re-induction windows) that induced users who had indicated non-consent in the consent box for product introduction to change their selection. The re-induction windows lacked the legally required notices or expressions necessary for consent regarding 'collection, use, and provision of personal information.' When users clicked the 'Confirm (Consent)' button on the re-induction window, it was processed as if they had consented all at once to the collection and use of personal information, third-party provision of personal information, and receipt of advertising information.
During the period these four companies operated the re-induction windows, the marketing consent rate of users surged by 30 percentage points from 31.4%, and after the re-induction windows were removed, it dropped by 35 percentage points from 62.9%. The collected personal information was used not only for automobile insurance but also for marketing other insurance products operated by the companies, such as driver insurance, health insurance, and dental insurance.
Approximately 30 million marketing messages, including text messages and phone calls, were sent solely for automobile insurance, and over 15,000 spam reports were received.
Additionally, it was confirmed that internal controls, such as reviews by the company's Chief Privacy Officer (CPO), were not functioning properly.
All 12 insurance companies, including the four mentioned, collected users' names, resident registration numbers, and mobile phone numbers during the automobile insurance premium calculation service process and retained this information for one year even if the customer did not enter into a contract.
The Personal Information Protection Commission imposed fines totaling 9.207 billion KRW on the four insurance companies?Hyundai Marine, AXA General Insurance, Hana Insurance, and MG Insurance?and issued corrective orders to strengthen the internal control role of the CPO.
For all 12 insurance companies, the Commission ordered the suspension of automobile insurance premium calculation services or the prompt destruction of information of users who did not enter into contracts once the purpose of processing was achieved. Lotte Insurance, which failed to destroy user information for over a year, was fined 5.4 million KRW.
The 12 insurance companies submitted to the Commission their intention to destroy the names and resident registration numbers of users who did not enter into contracts within six months, and other information within 5 days to 1 month.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
