Promotional image of AliExpress / Courtesy of AliExpress

Chinese online shopping platform AliExpress has been fined by the Korean government for providing the private information of Korean customers to overseas vendors without taking proper protective measures.

On Thursday, the Personal Information Protection Commission (PIPC), a ministerial-level central administrative agency overseeing data protection, announced that its plenary committee had decided earlier in the week to impose a fine of about 1.9 billion won ($1.3 million) on AliExpress. The penalty was for violating procedures outlined in the Personal Information Protection Act related to the transfer of personal information abroad.

This is the first time a penalty has been imposed by the Korean government on a business for violating the procedures stipulated in the act.

The PIPC stated it initiated an investigation into AliExpress and Temu — two major Chinese e-commerce platforms aggressively expanding in Korea — following a parliamentary audit late last year, which raised concerns about the increasing risk of personal information violations.

The investigation revealed that AliExpress had been providing Korean customers' personal information to over 180,000 overseas vendors for shipping purchased products, while failing to comply with Korea's personal information protection regulations.

According to the Personal Information Protection Act, consent from clearly informed customers must be obtained before their information is transferred overseas. Additionally, the law requires that contracts include measures to ensure data security and procedures to address complaints and disputes regarding potential personal information violations.

AliExpress failed to meet these obligations; the Chinese online mall did not notify customers of the legally required information, such as the countries to which their data was being transferred and the names and contact details of the recipients. Additionally, the company did not include necessary protective measures in its terms and conditions.

Furthermore, AliExpress made it difficult for Korean users to exercise their right to unsubscribe from the membership by displaying the account deletion page in English.

As a result, the PIPC has issued a corrective order for AliExpress to implement measures to prevent misuse of personal information during the transfer process and to simplify the procedure for unsubscribing from their membership.

In response to the penalty, AliExpress stated, "We will continue to actively incorporate the PIPC's feedback to provide the best service to customers."

In the case of Temu, also under investigation alongside AliExpress, the PIPC said it will further look into the company in the next plenary meeting.