South Korea’s Personal Information Protection Commission (PIPC) has fined Apple 4.65 billion won ($3.2 million) for mishandling user data. The investigation found that Apple used illegally obtained data to predict when users might fail to pay for App Store purchases.
The violation involved Kakao Pay, a South Korean mobile payment platform. Kakao Pay sent user data to Alipay, a Singapore-based company, without consent. Alipay then developed a Non-Sufficient Funds (NSF) score to assess a user’s likelihood of completing bundled App Store transactions.
Apple’s Response Raises Concerns
During a February 25 meeting with PIPC, officials questioned Apple about data sharing and the NSF score’s global use. Apple representatives, however, gave vague responses. They said they needed legal consultation and claimed they couldn’t verify details because key employees had left the company.
Regulators expressed frustration over Apple’s lack of transparency. Officials criticized the company for failing to provide clear answers, questioning whether it was handling the case responsibly.
Fines and Orders Issued to Apple and Partners
Apple must destroy the NSF score model and pay fines for both data misuse and non-disclosure.
- Apple: Fined 2.45 billion won ($1.71 million) for using illegally obtained data and 2.2 billion won ($1.53 million) for failing to disclose data collection.
- Kakao Pay: Fined nearly 6 billion won ($4.2 million) and ordered to align its data-sharing practices with South Korea’s Personal Information Protection Act (PIPA).
- Alipay: Ordered to destroy the data model, but has not received a fine.
Implications for Apple’s Global Privacy Commitments
This case raises concerns about Apple’s commitment to user privacy. The company has built its reputation on protecting customer data, but this investigation suggests gaps in its practices.
Apple has not publicly responded to the ruling. With increased global scrutiny on data privacy, the company could face similar regulatory challenges in other regions.
