Kakao Pay, the payment service affiliated with Kakao Corp., has recently been involved in a major controversy over mishandling customer data. This incident compromised the personal information of over 40 million clients, with data being transferred across 54.2 billion instances to Alipay. The Chinese mobile and online payment platform is the second largest shareholder in Kakao Pay and is a subsidiary of Ant Group, which is the world’s largest fintech company. This incident highlights serious concerns about the security of personal data within mobile payment services.
The Financial Supervisory Service (FSS) revealed on Monday that during an investigation into Kakao Pay’s foreign exchange transactions, it was found that the company had transferred personal information to Alipay without obtaining customer consent. Alarmingly, the data included information on customers who had not made any cross-border transactions. The data comprised Kakao account IDs, mobile phone numbers and transaction details. This inciden
t indicates a serious failure in Kakao Pay’s data management and adherence to data protection regulations. Under its agreement with Alipay, Kakao Pay provides settlement and payment services at 81 million stores across 46 countries worldwide.
The FSS is preparing to initiate legal proceedings and consider potential sanctions against Kakao Pay. It was revealed that Kakao Pay provided Alipay with more information than required, including not only details on clients involved in Apple’s settlement system but also credit information and additional transaction details. This incident reveals a critical flaw in the management of personal information by a major domestic financial platform, which processes transactions totaling tens of trillions of won each year.
Skepticism has emerged regarding Kakao Pay’s assertion that the data transfer was a legitimate part of a chain-of-delegation procedure and did not require customer consent. According to the law, companies must obtain explicit consent before sharing personal
data with third parties, particularly for cross-border transfers. The FSS has indicated that Kakao Pay failed to adhere to these legal requirements.
Kakao Pay may have failed to fully understand the importance of laws concerning the protection of credit information and personal data. If this is true, it represents a serious issue. Additionally, oversight agencies and industry regulators should be held accountable for their lack of awareness and oversight regarding the misconduct that has occurred over the past few years.
This incident is not unique to Kakao Pay. Chinese companies, in particular, have faced scrutiny for mishandling user data. For example, AliExpress was recently fined for unlawfully transferring domestic customer data to Chinese sellers without informing clients. These recurring problems underscore potential gaps in current regulations and highlight the urgent need for clearer rules and stronger enforcement measures.
To protect personal data, immediate action is essential. First, Kakao Pay
should undergo a comprehensive investigation, with appropriate penalties and corrective measures implemented to prevent future incidents. Additionally, regulatory reforms are necessary. Legal provisions should be revised to address any loopholes exposed by this incident.
Oversight agencies and industry regulators must enforce stricter inspections of personal information management by domestic financial platforms and closely monitor multinational corporations for unlawful data transfers in areas such as shopping, messaging and video services.
The importance of safeguarding personal information cannot be overstated. Once data is leaked, it can be illicitly circulated or exploited for criminal activities, resulting in irreversible damage. The recent data mismanagement at Kakao Pay highlights the vulnerabilities inherent in digital transactions and underscores the urgent need for stronger protective measures. Both the government and private sector must work together to enhance the regulatory framework and enfor
ce stringent compliance to safeguard data sovereignty and individual privacy. Kakao Corp, already under scrutiny, should intensify its efforts to overhaul and strengthen its management practices and governance, aiming to reestablish itself as the nation’s most trusted social media giant.
Source:Yonhapi News Agency