S.Korea fines AliExpress $1.4 mn for alleged privacy breach
Seung-Woo Lee
8 HOURS AGO
AliExpress ad in South Korea South Korea’s privacy authority is punishing AliExpress with measures including a $1.4 million fine for allegedly not providing measures to protect consumer information as local online shopping platforms suffer amid the rapid expansion of the Chinese e-commerce giant.
The Personal Information Protection Commission (PIPC) said on Thursday it has decided to slap a fine of 2 billion won ($1.4 million) in addition to a penalty of 7.8 million won on AliExpress for violating South Korea’s privacy laws. The commission also ordered the e-commerce arm of China’s Alibaba Group to take corrective measures while also recommending improvements.
The PIPC said AliExpress provided information about customers in South Korea to about 180,000 sellers in other countries, mostly in China, without taking measures required by the Personal Information Protection Act.
AliExpress was the first company punished for violating overseas personal data transfer procedures required by law, according to the authority.
“The decision made it clear that foreign e-commerce operators, which provide services to local customers, are subject to the national protection law and need to protect and manage personal information just as local companies are required to do,” said the PIPC in a statement.
The commission has been probing AliExpress and another Chinese e-commerce platform Temu, since South Korean lawmakers raised concerns over privacy breaches in October 2023, given the rapid expansion of foreign online open market service providers on the peninsula.
The PIPC also plans to take action with Temu after checking more facts and information provided by the Chinese online shopping mall operator.
PRIVACY ACT VIOLATION
By law, South Korea requires e-commerce operators to obtain customer consent on overseas transfers of their data, address privacy violation issues and outline protocols for infringement disputes in contracts.
AliExpress, which transfers customers’ information such as their addresses to sellers for deliveries, did not inform the buyers of the vendors’ data such as their names and contact details required by law, according to the PIPC.
The Chinese e-commerce platform operator did not reflect necessary measures for private information protection in its terms and conditions for its sellers, the body said.
The PIPC ordered AliExpress to take corrective steps such as including such necessary measures in contracts with vendors required by South Korean law to prevent sellers from abusing customer information. The commission also recommended the Chinese company apply self-regulations set up by the authority and local e-commerce platform operators or prepare its own privacy protection measures that meet the regulations.
AliExpress has already taken some corrective measures such as establishing legal grounds required by laws to obtain users’ consent on overseas private information transfer during the investigation, the PIPC said.
(Graphics by Dongbeom Yun) DEFENSE AGAINST RAPID EXPANSION
AliExpress was the second-largest player in South Korea with 8.4 million monthly active users (MAU) last month, followed by Temu with 8.2 million MAU, while New York Stoick Exchange-listed Coupang Inc. still dominated the local market, according to data from app analytics firm Wiseapp·Retail·Goods.
South Korea is taking various actions against Chinese e-commerce operators as their rapid expansion threatens the local industry.