Personal Information Commission Decision on May 14 Plenary Session
Violations Include Overseas Transfers and Resident Registration Number Processing
"Transparent Disclosure and Appointment of Domestic Representative"
The government has imposed a fine of 1,369 million won on the Chinese e-commerce platform Temu for violating the Personal Information Protection Act. Temu failed to notify users when entrusting their personal information to overseas operators and, when recruiting Korean sellers, collected ID cards and facial videos without consent.
On May 15, the Personal Information Protection Commission announced that it had held a plenary meeting the previous day and decided to impose a fine of 1,369 million won and an additional penalty of 17.6 million won on Temu for violating the Personal Information Protection Act.
Temu is an open market platform that allows sellers to offer products and charges a commission based on a percentage of the sales amount. However, it is characterized by delivering sellers' products directly from intermediary warehouses to buyers, meaning it does not provide users' personal information to sellers.
According to the commission's investigation, Temu had entrusted or stored user personal information with multiple operators in China, Singapore, Japan, and other countries, including Korea. However, Temu did not disclose this fact in its privacy policy or notify users. In addition, Temu did not provide training on personal information security management or conduct inspections on the status of personal information processing for entrusted companies, thereby failing to supervise and manage them.
As of the end of 2023, Temu had an average of 2.9 million Korean users per day using its services, yet it did not appoint a domestic representative as required by law. Furthermore, the withdrawal process for members was made complicated with seven steps, making it difficult for users to exercise their rights.
Problems were found not only in the handling of user personal information but also in the processing of seller information. Since February, when Temu began offering services for Korean sellers to sell and deliver products, it collected ID cards and facial videos from Korean sellers for identity verification and processed resident registration numbers without legal grounds. However, the commission stated that Temu has destroyed all such information during the course of this investigation.
The commission issued corrective orders and recommendations, including requiring Temu to transparently disclose the status and flow of personal information entrusted for processing, including overseas transfers, and to designate its Korean corporation as the domestic representative. The commission stated, "We will thoroughly monitor whether these measures are implemented to ensure that the personal information of domestic users is fully protected," and added, "Based on this action, we have prepared and distributed a guide on the application of the Personal Information Protection Act for Chinese operators."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
