![[사진=카카오]](https://thumb.zumst.com/780x0/https://static.news.zumst.com/images/90/2026/01/16/c3ce77e8d6d6409094c24edf7cf03f2c.png) |
[사진=카카오] |
The Seoul Administrative Court’s Administrative Division 14, presided over by Chief Judge Lee Sang-deok, ruled against Kakao in a lawsuit seeking to overturn a corrective order and fine issued by the Personal Information Protection Commission (PIPC).
The case stems from a 2023 investigation launched after media reports revealed that personal information of KakaoTalk Open Chat users was being illegally traded online. Investigators found that Kakao had inadequately managed member data, resulting in the leak of approximately 65,000 cases of personal information.
In May 2024, the commission imposed what it described as the largest fine ever levied under the Personal Information Protection Act, citing violations of mandatory security safeguards. Kakao filed an administrative lawsuit in November, arguing the sanction was excessive and procedurally unfair.
The court rejected Kakao’s claims, finding the commission’s action lawful and proportionate.
In its ruling, the court said a database combining mobile phone numbers, profile names, Open Chat room titles and related room profiles — which was posted and sold online — clearly constituted a personal data leak under the law. It further held that Kakao violated reporting obligations by failing to promptly notify authorities and affected users of the breach.
The court also pointed to deficiencies in Kakao’s security measures. It noted that the company applied encryption only to newly created Open Chat rooms starting Aug. 5, 2020, despite being aware — or reasonably able to foresee — that security risks had already materialized or that a data breach was possible. The court faulted Kakao for failing to take additional steps to strengthen protection for existing data.
Regarding the size of the penalty, the court said the commission appeared to have faithfully applied statutory calculation standards and found no grounds to deem the fine excessive.
“The amount of the administrative fine is justified,” the court said, concluding that the commission’s decision fell within the scope of its legal discretion.
The ruling reinforces regulators’ tough stance on data protection failures and underscores heightened judicial scrutiny of platform operators’ obligations to safeguard user information.
* This article, published by Aju Business Daily, was edited by AJP.
Song Ha-jun 기자 hajun825@ajunews.com
- Copyright ⓒ [아주경제 ajunews.com] 무단전재 배포금지 -
이 기사의 카테고리는 언론사의 분류를 따릅니다.