Google LLC (South Korea)
Issued by Personal Information Protection Commission (PIPC) on 2022-09-14
What happened
South Korea's Personal Information Protection Commission (PIPC) fined Google ₩69.2 billion (approximately $50 million USD) for collecting and using users' location data without obtaining proper consent. The PIPC found that Google violated South Korea's Personal Information Protection Act (PIPA) by defaulting its location tracking services to 'on' in Android device settings and making it difficult for users to find and change these settings. Google collected location data from Android users even when they believed they had turned off location tracking, as the company tracked location through multiple overlapping settings that were not clearly explained to users. The investigation also found that Google's consent process did not adequately inform users about how their location data would be used.
Articles violated
Lessons learned
Default settings that enable data collection without clear user awareness violate consent requirements. Location data is particularly sensitive and requires transparent, easy-to-understand consent mechanisms. Making privacy settings difficult to find or understand undermines the validity of consent. South Korean regulators are willing to impose significant fines that rival EU GDPR penalties. Companies operating globally must comply with each jurisdiction's specific consent requirements, which may be stricter than the company's home country rules.
Source
View original decisionDisclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.
Get enforcement alerts for Technology
We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.