Chinese cross-border e-commerce platform Temu has been fined 1.369 billion won for unlawfully transferring personal information — including names, addresses, and customs clearance codes — of South Korean users overseas without consent. (Yonhap)
SEOUL, May 15 (Korea Bizwire) — The Personal Information Protection Commission (PIPC) of South Korea has imposed a ₩1.36 billion (approximately $990,000) fine on Chinese e-commerce platform Temu for violating the country’s data protection laws, including the unauthorized overseas transfer of personal data belonging to South Korean users.
The penalty, announced on May 15, comes after a year-long investigation into Chinese cross-border commerce (C-commerce) platforms, including Temu and AliExpress. While AliExpress was fined ₩1.98 billion in July 2024, enforcement against Temu was delayed due to the company’s failure to submit sales data necessary for calculating fines.
Temu, which has an estimated 2.9 million daily Korean users as of late 2024, was found to have outsourced personal data processing to business entities in China, Singapore, and Japan for delivery purposes without disclosing this in its privacy policy or notifying users.
The company also failed to designate a local representative in Korea and created a seven-step membership withdrawal process deemed overly burdensome.
Investigators also found that Temu did not conduct appropriate oversight of its subcontractors—neglecting education and audits required to ensure data protection standards.
In addition, the platform collected facial video data and ID numbers from South Korean sellers during a pilot phase of its “local-to-local” sales program without proper legal grounds.
The Personal Information Protection Commission (Image courtesy of PIPC)
“Temu’s cooperation during the investigation was insufficient, which contributed to a heightened penalty,” said Kim Hae-sook, director of investigations at the PIPC. “Their lack of transparency and failure to adhere to Korea’s privacy standards posed risks to millions of users.”
Though the company has since revised its privacy policy, disclosed overseas data transfers, simplified account termination procedures, and ceased improper ID collection, the PIPC has also levied a separate administrative fine of ₩17.6 million for failures related to data outsourcing and representative designation.
Authorities have further ordered Temu to:
-
Clearly disclose all cross-border data transfers and subcontractor relationships;
-
Implement stronger oversight of third-party processors;
-
Improve user rights protections.
Temu is also expected to designate its Korean entity as its official local representative in accordance with revised data protection rules set to take effect in October 2025.
With Chinese e-commerce platforms expanding rapidly in Korea, the PIPC plans to step up cross-border regulatory outreach through meetings with Chinese firms and digital cooperation centers to ensure compliance with Korean privacy standards.
In a statement, Temu said it “fully respects” the commission’s decision and has “taken necessary corrective actions,” vowing to continue offering quality products at competitive prices while supporting local sellers.
M. H. Lee (mhlee@koreabizwire.com)
