Facebook data Scandal Highlights Stark Divide in Consumer Rights: $1 Trillion Settlement in US, zero Compensation in Korea

A $725 million (approximately 1 trillion won) settlement reached with American Facebook users stands in stark contrast to a Korean court ruling that found the social media giant liable for no compensation, exposing a critical disparity in consumer protection laws and the challenges facing victims of data breaches. The diverging outcomes, fueled by the recent data breach at Coupang, are sparking calls for legal reform in Korea.

Cambridge Analytica (CA) had harvested data from roughly 50 million Facebook profiles. Chris Wiley,a former CA employee,detailed to British media outlets like The Guardian how the firm leveraged this data for psychological warfare during the 2016 US presidential election,targeting voters with anxiety-inducing messaging in support of Donald Trump.

The scandal quickly centered on Facebook’s platform design, which, since 2007, had allowed third-party applications to access not only user data but also information about their friends – often without explicit consent from those friends. While users technically consented to sharing their own information, the same wasn’t true for their social connections.

US Class Action Yields $1 Trillion in Damages

American Facebook users swiftly launched a series of class action lawsuits. Despite initial denials of legal obligation, Meta – Facebook’s parent company – ultimately agreed to a $725 million settlement in 2022. Payments began in September of this year, with eligible users who signed up between May 2007 and December 2022 receiving an average of $29 (approximately 43,000 won). While the individual payouts are modest, the collective impact amounted to a notable $1 trillion hit to Meta, demonstrating the power of collective consumer action. The U.S. Federal Trade Commission (FTC) also levied a separate $5 billion (approximately 6 trillion won) fine against the company.

korea’s Individual Burden: A Failed Pursuit of Justice

The situation in Korea proved dramatically different. While the Personal Information Protection Commission fined Facebook 6.7 billion won in 2020 for the unauthorized provision of data belonging to at least 3.3 million Korean users, civil lawsuits filed by 187 individuals were dismissed in the first trial. The court ruled that plaintiffs were unable to prove their individual data had been compromised.

“Plaintiff A must prove to which app his information was provided without permission,” explained the court. Plaintiffs’ requests for Meta to provide evidence were repeatedly denied, even during appeals. This outcome underscores a fundamental flaw in korea’s civil damage compensation structure: the onus is on individual users to demonstrate a company’s wrongdoing, a task frequently enough rendered impossible by limited access to information.

The Power of ‘Class Action’ and Discovery

Experts attribute the contrasting results to the mechanics of “class action” lawsuits in the United States. Unlike the individual-focused approach in Korea,class actions treat victims as a collective group,shifting the burden of proof to the company to demonstrate it didn’t cause harm.

Furthermore, the US “discovery” system – which compels companies to submit requested evidence – proved crucial. Through this process, American plaintiffs secured Meta’s internal communications and even pressured CEO Mark Zuckerberg to testify. The looming prospect of Zuckerberg’s court appearance ultimately contributed to the $1 trillion settlement.

coupang and the Growing Demand for Reform

The recent data breach at Coupang,affecting 33.7 million customers, has reignited the debate over consumer rights in Korea and fueled calls for the adoption of a class action system. The Personal Information Protection Committee is currently exploring a procedure mirroring class action, allowing non-profit organizations to lead group lawsuits seeking damages.

Though, this proposed system falls short of the US “opt-out” model, where individuals are automatically included in a lawsuit unless thay actively choose to exclude themselves. “In cases characterized by ‘small majority,’ such as personal information infringement, a design based on ‘opt-out’ is necessary,” noted Lee Eun-woo, an attorney at Jihyang Law Firm. The current approach risks leaving many victims uncompensated, highlighting the need for a more robust and accessible legal framework.