The Asian country has slapped the American social media titan with 21.6 billion after the South Korean Personal Information Protection Commission ruled it unlawfully collected and shared sensitive information about around 980,000 Facebook users, such as their religion, political views on sexual orientation from July 2018 to March 2022.

Lee Eun Jung, a director at the commission who led the investigation on Meta, said: “While Meta collected this sensitive information and used it for individualised services, they made only vague mentions of this use in their data policy and did not obtain specific consent.”

It said the company shared the data with around 4,000 advertisers.

The commission said Meta – which also owns Instagram and WhatsApp – accessed sensitive information by looking at the pages Facebook users liked or the advertisements they clicked on.

South Korea’s privacy law has strict protection for this sort of information and bans companies from processing or using the data without the consent of the involved.

Lee added that Meta put Facebook users’ privacy at steak by failing to implement basic security measures, including removing or blocking inactive pages – which led to hackers to use inactive pages to forge identities and submit password resets for other users’ accounts.

As a result, the tech company approved these requests without proper verification, and led to data breaches affecting at least 10 South Korean Facebook users, he claims.

Meta’s South Korean office said it would “carefully review” the commission’s decision.

It is the latest in a series of penalties against Meta by the country’s authorities recently

It comes as the firm and Google received fines worth a combined 100 billion won from European regulators in 2022 for tracking users’ online behaviours without their consent and using their data for targeted advertisements.