Earlier in January, the South Korean government fined Apple for accessing data that it illegally obtained without the consent of the users. Authorities found that Apple used data from its users in South Korea to predict when people couldn’t pay for App Store purchases, resulting in a total fine of 4.65 billion won. Soon after, during a meeting on February 25th with the Personal Information Protection Commission (PIPC), Apple delegates in South Korea refused to comment on the recently imposed fines for mishandling user data.
South Korea imposed a fine of around $3.2 million on Apple for mishandling of user data
The South Korean government fined Apple for a sum that’s nearly under $3.2 million last month for mishandling data of its users. The iPhone maker reportedly used the data to create a Non Sufficient Funds (NSF) score. This score represented a consumer-specific metric that helped determine when an iPhone user had enough money to pay for multiple small payments, such as in-app purchases, included in one bill.
The PIPC found Apple’s misuse of user data and fined the company 2.45 billion won (approx. $1.71 million) and told it to destroy the NSF score calculation model. Furthermore, the authorities imposed an additional fine of 2.2 billion won (around $1.53 million) on the iPhone manufacturer for failing to disclose that it had obtained users’ information in the first place.
In the PIPC meeting on February 25th, officials asked Apple if it had kept records so they could investigate the data misuse incident. However, the Apple delegates only answered, “Many of those related have left the company. We can’t track down (the related) emails”. Also, the PIPC asked Apple which other countries used its NSF scores. The Cupertino tech giant’s representatives responded by saying, “It is hard to make a public statement because we have to confer with our client. We do not know exactly”.
The responses of Apple’s delegates didn’t impress the PIPC members. They said, “We cannot but wonder if it is appropriate for the respondent to simply say, ‘we don’t have the data’, or ‘this is all we can tell you’.”
The data collection occurred in 2018 and affected nearly 40 million Apple users
As Apple Insider reports, the incident in question originated from data collected by Kakao Pay, which is a mobile payment service based in South Korea. Kakao Pay sent the data of iPhone users to Alipay, which is a Singapore-based digital wallet platform. The incident occurred between April and July 2018 and affected nearly 40 million Apple device users.
According to PIPC, “Less than 20% of users registered Kakao Pay with Apple as a payment method, but Kakao Pay sent the information of all users, including not only Apple users but also non-Apple users (e.g. Android users), to Alipay.”
Notably, Kakao Pay didn’t inform its users when it sent their data overseas. This type of data collection is a violation of South Korea’s Personal Information Protection Act (PIPA). Furthermore, Apple didn’t reveal that it had a trustee relationship with Alipay. The South Korean authorities fined Kakao Pay around 6 billion won or approximately $4.2 million for the same incident.
