Apple and Kakao Pay Fined Over Privacy
Proton’s Tech Fines Tracker (via Ben Lovejoy):
While $7.8 billion in fines sounds substantial, it represents little more than a rounding error for Big Tech. Based on free cash flow, Alphabet, Apple, Meta, and Amazon could collectively pay off all 2025 penalties in just 28 days and 48 minutes. Alphabet alone — fined more than $4 billion — could wipe out its penalties in about three weeks.
Here’s one that I missed at the time:
During the February 25 meeting with the Personal Information Protection Commission (PIPC), Apple representatives were asked which other countries used Apple’s NSF scores.
[…]
The incident in question stemmed from data collected by Kakao Pay, a mobile payment and digital wallet service based in South Korea. The data was sent to Alipay, a Singapore-based mobile payment platform.
[…]
KakaoPay customers were not being told that their data was being transferred overseas. This sort of data collection is a direct violation of South Korea’s Personal Information Protection Act (PIPA).
Additionally, Apple did not disclose that it had a trustee relationship with Alipay. PIPA required Apple to be transparent about the relationship, but it did not mention Alipay in its privacy policy.
I find this reporting confusing, but it sounds like Apple was partnering with an online payment service (akin to PayPal) that could be used to pay for transactions users made using their Apple account. Apple gave Kakao Pay access to customer information (such as NSF scores), which it then transmitted to its partner Alipay. 40 million users were affected, but the fines only totaled $3.2 million.
Data collection occurred between April and July 2018 and affected roughly 40 million users. According to PIPC, “less than 20% of users registered Kakao Pay with Apple as a payment method, but Kakao Pay sent the information of all users, including not only Apple users but also non-Apple users (e.g. Android users), to Alipay.”
I don’t understand whether this is saying that Apple had 20% marketshare and the rest were Android or that data from iOS users who were not using Kakao Pay was nonetheless shared, too.
Previously:
3 Comments RSS · Twitter · Mastodon
Keep in mind the financial games these companies play with these fines as well. It’s not like they’re going to just give over a month’s worth of top line profit. They’ll finance it and leverage it and probably wind up paying less than the total through clever financial workings.
The linked PIPC report is saying that less than 20% of KakaoPay users registered it as a payment method on an Apple device, and KakaoPay shared NSF data to AliPay from all their users, not just those on iOS. (So it's not all iOS users.)
Google Translate:
> In particular, even though less than 20% of all Kakao Pay users have registered Kakao Pay as a payment method on Apple, Kakao Pay sent information on all users, including not only Apple users but also non-Apple users (e.g. Android users), to Alipay
Firefox on-device translation:
> In particular, KakaoPay sent the entire user information to Alipay, which includes not only Apple users but also Apple users [sic] (such as Android users), even though less than 20% of all KakaoPay users registered KakaoPay as a payment method for Apple.
The link got swallowed by putting it in angle brackets: https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS074&mCode=C020010000&nttId=10955
