The Personal Information Protection Commission found that, among 160 corrective orders and recommendations for improvements, including global corporations, 153 had completed implementation or submitted an implementation plan.
The Personal Information Protection Commission noted on the 24th that it deliberated and voted on the implementation inspection results at the 9th plenary meeting held on the 23rd.
This inspection was conducted for domestic and international corporations and public institutions that received corrective orders or recommendations for improvements in the second half of 2024. It was confirmed that global corporations, including Meta and AliExpress, actively implemented major corrective measures and worked on institutional improvements.
Meta, which operates Facebook, received a corrective order along with a penalty surcharge due to an incident in 2020 where user friend information was provided to third-party apps without permission. Accordingly, it was reported that the company requested the deletion of personal information provided without consent from those apps and established a procedure to verify the deletion.
AliExpress implemented improvement measures related to the transfer of personal information overseas. It specified seller and shipping company information in its privacy policy and established a system to relay user complaints received through domestic agents to headquarters within three days. Additionally, it strengthened security measures by retaining seller account access logs for one year.
Domestic corporations also implemented corrective measures. The AI-based personal assistant service 'adot' shortened the data retention period for its call summary service from the previous one year to six months and newly introduced a function that allows users to be excluded from call summaries. 'Snow,' which has a face image generation feature, specified the photo transmission function in its privacy policy and strengthened security measures for external development tools.
In the case of public institutions, among the 31 organizations that received recommendations for improvements in September of last year, 30 completed implementation or submitted plans. They conducted measures such as strengthening system access rights, building a system for monitoring access logs, and enhancing dedicated personnel for personal information protection.
Some hospitals that received corrective orders due to patient information leaks were found to have improved technological and physical security, such as controlling the entry and exit of external storage devices, strengthening account management procedures, and implementing an access log system.
However, due to the absence of CCTV guidance signs, failure to implement improvements in public systems, and insufficient management of personal information by similar investment advisory companies, six cases remain incomplete, prompting the Personal Information Protection Commission to plan additional verification and encouragement for implementation.
The Personal Information Protection Commission stated that it will continue to actively share major implementation cases and strengthen the inspection system to enhance the effectiveness of corrective orders. It also mentioned that it will continue to monitor the level of personal information protection of foreign corporations according to domestic standards.