Temu fined nearly $1M in South Korea for data transfers to China

South Korea’s Personal Information Protection Commission (PIPC) has fined Chinese e-commerce platform Temu nearly one million dollars for violating the country’s data protection laws. 

‍

The penalty, totaling 1.39 billion won (about US $997,624), was issued after regulators found that Temu transferred personal data of Korean users to overseas companies, including entities in China, without informing users. The PIPC stated that Temu outsourced data processing and storage to firms located in China, Japan, Singapore, South Korea, and other countries. This conduct should have been noted in the company’s privacy policy, informing users of how their data is being processed and where. 

‍

Failing to do so means that Temu was in violation of local data privacy regulations, specifically the country’s data protection act. The law requires companies to provide transparency about where and how user data is stored and managed. Temu should have also monitored these third parties to ensure that data is being handled in accordance with the law.