The South Korean data protection authority announced Thursday that it has fined the Chinese shopping application AliExpress approximately 2 billion won ($1.44 million). The fine was imposed for the company’s transfer of South Korean customer data to 180,000 Chinese sellers. This marks the first instance of a company being fined in South Korea for violating the Privacy Act by transferring information abroad.
On Wednesday, the Personal Information Protection Commission (PIPC) concluded its investigation into AliExpress, which has been collecting and using customer data since February of this year. The PIPC imposed a fine of 1.9 billion won ($1.42 million) and an additional penalty of 7.8 million won ($5,600) on AliExpress for violating privacy laws.
AliExpress is an online marketplace based in China that enables merchants to sell products to customers worldwide. According to WiseApp, a company specializing in app and retail analytics, more than 8 million South Korean customers were using AliExpress as of April 2024. As of February 2024, it was the second most popular shopping application among South Koreans.
However, AliExpress has faced consistent allegations of breaching South Korean customer data. The Personal Information Protection Commission (PIPC) has been investigating the company since February of this year. AliExpress has been providing Korean customers’ information—including names, phone numbers, addresses, bank accounts, and card numbers—to 180,000 selling companies that need it for product delivery. Notably, nearly all of these merchants are based in China.
The PIPC emphasized that AliExpress failed to disclose which information was being handed over to sellers, the countries and companies receiving the data, and how customers could refuse the transfer of their personal information. According to South Korean privacy law, sellers are required to obtain customers’ consent to ensure they are aware of their data being transferred abroad.
Moreover, the company designed its website in a way that made it difficult for customers to locate the “delete account” button, displaying the page in a poorly readable English format.
In response, the PIPC issued a correction order to the company, instructing it to “simplify the process for deleting accounts” to address concerns about “interfering with users’ rights.”
The PIPC stated, “We clarified that even international retail sellers are subject to privacy laws if they sell to Koreans.” They also noted, “International sellers are required to manage and protect customer information in the same manner as domestic sellers.”
Meanwhile, the PIPC stated that its investigation into another Chinese retail platform, Temu, remains ongoing.
Related article: South Korea urges AliExpress, Temu to comply with privacy laws
The South Korean government has urged major Chinese online marketplaces to comply with the nation’s privacy laws.
On Thursday, officials from the Personal Information Protection Commission (PIPC) and the Korea Internet & Security Agency (KISA) met in Beijing with representatives from the Internet Society of China (ISC). The ISC, a prominent internet industry group composed of over four-hundred member companies, hosted the gathering. Approximately 10 Chinese companies, including e-commerce giants AliExpress and Temu, attended the meeting. During the discussions, South Korean authorities stressed the importance of Chinese companies adhering to South Korean privacy laws when operating within their jurisdiction.
Choi Jang-hyuk, the vice chairperson of the PIPC, detailed South Korea’s privacy laws, emphasizing the provisions that international businesses must follow when operating within the country. He urged Chinese companies to protect the data of South Korean users as diligently as they do their Chinese clients’ information. The PIPC disclosed to The Readable that both the ISC and the attending e-commerce firms agreed to strive toward compliance with South Korean privacy regulations.
Last February, the PIPC initiated an investigation into the privacy practices of Chinese e-commerce platforms, including AliExpress and Temu. The probe is primarily concerned with how these companies manage the personal information of their South Korean users. The investigation is tasked with determining where this data is sent and how it is utilized. In South Korea, the popularity of Temu and AliExpress is rapidly growing, with these platforms ranking first and third respectively in the online app store shopping charts as of April 18. READ MORE
