SEOUL, July 27 (Korea Bizwire) — The Personal Information Protection Commission (PIPC) said Thursday it has imposed a fine of 3.6 million won (US$2,829) on OpenAI, the operator of the generative chatbot ChatGPT, for exposing the personal information of 687 South Korean users.
A now-patched bug in an open-source library on ChatGPT created a caching issue in March, causing the unintentional visibility of payment information of ChatGPT Plus subscribers during a nine-hour window, including first and last names, email addresses, the last four digits of credit card numbers and credit card expiration dates, OpenAI has said.
A total of 687 users in South Korea have been confirmed to be among those affected by the exposure.
The PIPC said it has fined OpenAI for breaching its duty to report a leakage to authorities within 24 hours of finding it.
But the privacy watchdog concluded the company cannot be held responsible for lax personal information protection measures.
The watchdog has also recommended OpenAI take measures to prevent a recurrence of the incident, comply with South Korea’s personal information protection law and cooperate actively with the commission’s prior inspection activities, it said.
The PIPC said it has also slapped Meta Platforms with an additional fine of 7.4 billion won for collecting personal information without users’ consent and using it for personalized online advertising.
In September last year, the commission fined Meta 30.8 billion won for neither clearly informing nor getting prior consent from users when collecting or analyzing such data to estimate their personal interests and use that information to provide personalized advertisements.
The latest fine was imposed for personal information breaches committed before July 2018, the commission said.
The watchdog has also found that Meta clandestinely collected Facebook users’ personal information through “Facebook Login,” a program developers can download to have users log into their applications or websites with Facebook accounts.
The PIPC had considered filing a criminal complaint against Meta for investigation but has decided to give a grace period for the company to redress the matter on its own.