Coupang Tracked Users' Online Activity Without Consent, South Korean Regulators Find

E-commerce giant Coupang is facing renewed controversy as it's revealed the company illegally collected online activity data from 11.17 million users who visited external websites and apps featuring its advertisements. This issue is distinct from the massive personal data breach that affected millions of users late last year.

The Personal Information Protection Committee (PIPC) confirmed that Coupang, between December 23, 2023, and February 4, 2024, gathered extensive online activity records from users visiting 15.64 million sites and apps that hosted Coupang ads. This data collection, which occurred without proper legal grounds, included browsing history (URLs, app names), access paths, timestamps, IP addresses, and operating system details. This information was then linked to user IDs and stored in Coupang's advertising database for personalized ad delivery.

A significant portion of the fine imposed on Coupang, specifically 201.1 billion won out of a total of 423.5 billion won for the parent company, is related to this illegal data collection. The PIPC highlighted that Coupang's "Coupang Partners" affiliate marketing program was at the core of the issue. While the program is designed to reward partners for driving sales through ads, Coupang allegedly collected user data even when ads were not clicked, a practice deemed a violation of privacy rights. The committee also noted instances where "hijacked ads" forcibly redirected users to Coupang's site, and Coupang failed to adequately manage these.

Adding to the company's legal troubles, Coupang allegedly obstructed the government investigation by manually deleting approximately five months' worth of access logs. Furthermore, Coupang Fulfillment Services, a subsidiary, was fined separately for collecting lists of journalists without logistics center work experience and registering them on a list restricting employment at logistics centers. The subsidiary also violated sensitive data regulations by submitting employee weight data, collected for health management, to a court in a workers' compensation lawsuit.

Coupang has stated that it regrets the PIPC's decision, arguing that its preventative measures and factual explanations were not fully considered. The company is reportedly considering legal challenges.

“

We are making efforts to ensure that the right people can enter.