In a significant regulatory move, South Korea’s Personal Information Protection Commission (PIPC) has fined Temu KRW 1.386 billion (USD 978,000) for violating the country’s Personal Information Protection Act (PIPA). The Chinese-owned e-commerce platform was penalized for transferring user data overseas without proper disclosure or consent.
Background: A Fast-Rising Retail Giant Facing Global Scrutiny
Temu, launched in 2022, has become one of the fastest-growing online marketplaces globally. By April 2025, the app surpassed 42 million downloads, outperforming even Amazon’s app in popularity, according to Statista. However, the platform has increasingly drawn scrutiny worldwide for its data privacy practices.
Investigations by the European Commission, ongoing lawsuits in Canada, the United States, and the UK, and now action in South Korea underscore a growing backlash against Temu’s handling of personal information.
What Did Temu Do Wrong?
According to the PIPC’s findings, Temu:
- Transferred user data to entities in Korea, China, Singapore, and Japan without informing users.
- Failed to disclose overseas data transfer practices in its privacy policy.
- Did not appoint a domestic data protection agent, as mandated by Korean law.
- Complicated the user withdrawal process with a seven-step deactivation flow, obstructing users’ ability to exercise their rights.
- Collected sensitive seller information (including facial recognition data) without adequate safeguards.
Despite these violations, the PIPC acknowledged that Temu took voluntary corrective actions after being notified of the investigation. These included policy revisions, appointing a local representative, and simplifying the membership withdrawal process.
Breakdown of the Penalties
The penalties issued include:
- Temu:
- KRW 1.369 billion (USD 977,000) for violating overseas data transfer rules and misprocessing Korean registration numbers
- KRW 17.6 million (USD 13,000) for failing to appoint a domestic agent and monitor third-party processors properly
- Whaleco Technology (user data handler):
- KRW 879 million (USD 630,000)
- Elementary Innovation (seller data handler):
- KRW 490 million (USD 350,000)
For context, in July 2024, Temu’s competitor AliExpress was fined KRW 1.978 billion (USD 1.4 million) for similar breaches of PIPA.
Regulatory Shift: A Warning to Foreign E-commerce Platforms
The PIPC also announced the release of a Chinese-language guide to South Korea’s data protection laws aimed at helping Chinese businesses comply when entering the Korean market. This move signifies the regulator’s intent to educate—yet firmly enforce—data protection compliance among foreign tech firms.
Final Thoughts
As regulatory frameworks tighten across Asia and globally, e-commerce platforms like Temu must prioritize data transparency, user rights, and localized compliance. This case sets a strong precedent for what international sellers can expect when operating in South Korea’s direct purchase landscape.
