South Korea’s state-run media regulator has begun a formal investigation into Facebook’s user data collection practices, joining the wave of worldwide probes into the firm's worst data breach crisis to date, while also adding other social network platforms to its inspection list.

The Korea Communications Commission confirmed Friday that it will embark on an investigation into the private data collection policies of Korea’s major social networks including Facebook, Instagram, KakaoTalk and Naver’s social networking service Band.

The move comes in response to media reports revealing that Facebook had been requesting access to user’s contacts, SMS data and call history on phones running on Android devices, when installing Facebook Messenger or Facebook Lite, a stripped-down version of the main app.

Facebook explained that only users who gave permission were affected and that it did not collect the content of the texts and calls. Users who wished to turn off this feature could do so via settings.

The KCC plans to examine whether Facebook, or any other social network service operator, breached Korea’s Act on Promotion of Information and Communications Network Utilization and Information Protection.

The call and text logging feature is just one of several privacy concerns and criticisms that Facebook has faced over the past few weeks.

It all began with the alarming revelation Facebook had allowed Cambridge Analytica, a political consultancy working for the Donald Trump presidential campaign, to wrongfully harvest the profiles of some 50 million Facebook users without their permission for voter profiling.

The incident was met with public fury and prompted a series of investigations and hearings from authorities in the US, the UK, the European Union and Canada that would likely result in a hefty fine for the social network operator.

Some of Facebook’s major advertisers have begun to reconsider placing ads on the social network, while many disappointed users worldwide have jumped onto the #DeleteFacebook movement.

Korean users have also raised their feelings of mistrust towards Facebook, with some questioning privacy policies of other local internet firms like Naver and Kakao that also collect and handle massive user data.

The latest development is considered an anticipated crisis as tech companies around the world have been harvesting massive amounts of user data for years in the name of connectivity, escalating the risks of misappropriation and abuse.

The biggest issue has been with the “social log-in” feature where people can log into third-party websites and apps using their Naver or Kakao accounts, bypassing the cumbersome process of having to sign up for a new account on a new website.

Naver and Kakao stress that the information they share is not as extensive as that of Facebook. Naver provides only basic information including a user’s name, e-mail address, nickname, birthday, age and gender. Kakao offers only a user’s nickname, e-mail and KakaoTalk profile picture. Forms of personal data such as chat history are not shared.

Nonetheless, the social log-in feature involves passing on personal user data to outsiders, and in turn escalates the risks of a data breach or mismanagement. 

Naver and Kakao said that they mandate partners using the social log-in feature not to share the user data with other parties. However, they currently do not have mechanisms to ensure that the data they had originally provided remains secure.

The failure to ensure such data protection is what had led to Facebook’s Cambridge Analytica scandal in the first place. 

In an attempt to salvage its plunging reputation, Facebook’s founding CEO Mark Zuckerberg issued a formal apology last week and promised to investigate all the apps that had access to vast amounts of user data prior to 2014 when Facebook changed its privacy policies to prevent abusive apps from engaging in potential data misuse.

The social network also pledged to turn off access for unused apps, restrict the data that an app can request, make app management privacy and control easier and more visible for users, and reward those who discover misuses of Facebook data by third-party app developers.

Despite the series of efforts, Facebook faced yet another plunge in credibility on Friday after an internal memo suggesting that the firm’s leadership prioritized growth over all else, even if it meant overlooking the physical and social risks of the social network.

“We connect people. Period. That’s why all the work we do in growth is justified. All the questionable contact importing practices. All the subtle language that helps people stay searchable by friends. All of the work we do to bring more communication in. The work we will likely have to do in China some day. All of it,” Facebook Vice President Andrew “Boz” Bosworth wrote in a 2016 memo for Facebook employees titled “The Ugly,” which was publicized by US-based BuzzFeed News.

“So we connect more people,” Bosworth wrote in another section of the note. “That can be bad if they make it negative. Maybe it costs a life by exposing someone to bullies. Maybe someone dies in a terrorist attack coordinated on our tools.”

In response to the controversy, Zuckerberg said in a statement that he does not believe in a mantra of “growth at any cost” in which the “ends justify the means.”

By Sohn Ji-young (jys@heraldcorp.com)