The Personal Information Protection Commission (PIPC) has imposed a record-breaking fine on Coupang for a massive data breach, despite pressure from U.S. political circles.
The PIPC stated that its decision was based solely on the principles of the Personal Information Protection Act, without considering external pressures or circumstances.
To ensure fairness, the commission held an unprecedented 13-hour meeting, the longest in its history, to fully hear Coupang’s explanations.
The fine of 624.68 billion KRW (approximately 410.7 million USD) dwarfs the previous record of 134.8 billion KRW (88.6 million USD) imposed on SK Telecom (SKT) last year for a data breach affecting 23.24 million individuals.
On Wednesday, the PIPC convened and decided to levy this massive fine on Coupang for a breach that compromised the data of over 37.5 million individuals.
This amount significantly surpasses the previous record set in the SKT case.
The PIPC cited multiple violations by Coupang, including failure to securely manage user authentication methods, neglect of access controls to prevent unauthorized access and breaches, and violations of data breach notification and information destruction obligations.
Additionally, Coupang was found to have unlawfully collected and stored online activity records of 11.17 million users without consent, further violating privacy laws.
South Korean Government Faces U.S. Pressure Following Coupang Data Breach
Following the incident, investors in U.S.-listed Coupang Inc., including GreenOx and Altimeter, petitioned the Office of the U.S. Trade Representative (USTR) for a Section 301 investigation, questioning the South Korean government’s response.
These investors alleged that the South Korean government was unfairly targeting U.S. companies through its investigation and regulatory measures.
They argued that South Korea’s actions were aimed at creating a favorable environment for domestic and Chinese competitors, and even threatened to file an International Investment Dispute Settlement (ISDS) arbitration against President Lee Jae Myung and the South Korean Ministry of Justice.
The U.S. House Judiciary Committee invited Harold Rogers, Coupang’s interim representative in Korea, for a closed-door hearing, while Vice President JD Vance discussed the issue with South Korean Prime Minister Kim Min-seok during his U.S. visit.
During a U.S. House Foreign Affairs Committee hearing on June 3, Congressman Darrell Issa claimed that South Korea’s democracy has shifted leftward, opening more pathways to China, and accused the country of suppressing U.S. companies like Meta and Coupang.
South Korean Government Maintains Constant Dialogue with U.S. Officials and Lawmakers as Privacy Watchdog Holds Firm on Principles
In response to these claims, the South Korean government has maintained ongoing communication with U.S. officials and lawmakers.
A Foreign Ministry official stated on Thursday that it’s continuously assuring the U.S. that the Coupang investigation is proceeding through legitimate domestic channels. It will calmly explain the results of the decision to U.S. officials.
The PIPC has reportedly worked diligently to uphold its principles amid complex external pressures. PIPC Chairperson Song Kyung-hee emphasized on May 12 that the decision will be based strictly on legal principles.
In a previous briefing, she stressed that it focused solely on the violations of the Personal Information Protection Act, the evidence, and the investigation results, without considering whether the company was domestic or foreign, or any other external factors.
The PIPC provided Coupang ample opportunity to present its case during the marathon 13-hour meeting.
Chairperson Song noted that it held extensive preliminary discussions among commissioners and extended the meeting to ensure we fully heard Coupang’s perspective. The goal was to give them every chance to express their position.
She added that it spent about five hours on the data breach case and nearly three hours on the infringement issues, carefully verifying Coupang’s statements through thorough questioning and comparing them with the investigation results.
A government official stated that the PIPC conducted a fair investigation and sanctions discussion, providing Coupang multiple opportunities to present its case through the general meeting and written submissions. They adhered to principles, believing this approach would prevent future issues.