Personal Information Commission: "72% of Companies Have Discrepancies Between Stated and Actual Data Processing Policies"

Yonhap News

It has been revealed that 72% of major big tech companies, online shopping platforms, and medical institutions closely related to daily life have discrepancies between the contents stated in their own privacy policies and the actual methods of collecting and managing customer data.

According to the results of the "2024 Privacy Policy Evaluation" announced by the Personal Information Protection Commission on the 16th, many companies showed gaps between the officially notified privacy handling guidelines and actual operations.

This evaluation was conducted on 49 companies across seven sectors: big tech, online shopping, online platforms, hospitals and medical centers, OTT, entertainment, and AI recruitment. Major companies such as Naver, Kakao, Google, Meta, and Coupang were included in the evaluation, which was divided into three categories: appropriateness, readability, and accessibility.

Based on a 100-point scale, scores were given in the order of readability (69.1 points), accessibility (60.8 points), and appropriateness (53.4 points), with appropriateness identified as the area most in need of improvement. The Personal Information Protection Commission pointed out that companies need to accurately reflect the actual processing status in their privacy policies when introducing new services or changing existing ones.

Additionally, many companies vaguely expressed the "retention and use period of personal information" as "necessary period," and there was a lack of specific information regarding "personal information retained according to laws," making it difficult for consumers to know when their information would be destroyed.

In terms of accessibility, an average of 12 scrolls was required to find the privacy policy on websites, and some online shopping companies required more than 50 scrolls to access it. Among the 10 foreign companies obligated to designate a domestic representative, five did not actually provide personal information complaint and access services.

On the other hand, Seoul St. Mary’s Hospital, Lotte Tour Development, Homeplus, and Gmarket have systems in place that allow data subjects to immediately file complaints, and Naver and Kakao received high evaluations for specifying the purpose and items of personal information processing in detail at each service stage. The hospital and medical center sector received overall excellent evaluations, while overseas companies scored lower than domestic companies in all sectors.

The Personal Information Protection Commission plans to notify each company of the evaluation results and encourage improvements, and will announce the "2025 Privacy Policy Evaluation Plan" focusing on AI, smart homes, and other areas in May.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.