[THE INVESTOR] South Korea has become one of the first countries to start questioning Google over recent reports confirming the firm has been collecting location data from Android phones even when GPS services were disabled. But will it be able to investigate with effective consequences?
Experts here say that it is unclear whether Korean regulators can properly interrogate Google, as well as take punitive measures if needed, given the difficulties of investigating a foreign IT company whose servers and key executives are based overseas.
Last week, the Korea Communications Commission summoned officials from Google Korea to examine whether the tech company secretly collected and used the location data of Android smartphone users in Korea without obtaining due consent.
The move came after a news report by US online media outlet Quartz revealing that phones running on Google’s Android OS have been collecting addresses of nearby cellular towers -- even when location-tracking services are turned off -- and sending that data back to Google.
This means that even people who turn off their GPS tracking service -- thinking their locations will no longer be shared -- were being tracked by Google.
Cell ID codes -- data exchanged between a smartphone and a cell tower -- can be used to determine roughly where a mobile device is located. It is easier to pinpoint a device’s location in urban centers where cell towers are more concentrated.
Google has confirmed the practice, which continued from January to November this year. However, the company stated that the Cell ID codes were only collected to improve the speed and performance of message delivery, and that they had not been stored.
If the Korean media regulator discovers that Google engaged in such data collection activities, which would be illegal, it cannot take direct action, but can refer the case to the prosecution for the breach of local data protection laws.
Under Korea’s Act on the Protection, Use, Etc. of Location Information, any entity that makes use of personal location information without obtaining user consent is subject to a five-year prison term or a fine of up to 50 million won ($46,150).
Even if the case is brought to the prosecution, investigators are expected to face hurdles in scrutinizing the California-based tech giant, as the company’s servers and core operations are located in the US. Such circumstances have slowed down similar investigative efforts in the past.
In 2011, Korean authorities opened an investigation into Google after it was found to have collected personal user data by scanning unsecured private Wi-Fi networks in creating its Street View maps.
However, they dropped the charges the following year, as key developers and executives from Google based in the US did not cooperate with Korea’s prosecution, according to local media reports.
It was only in 2014 that Korea imbued a penalty of 212.3 million won ($195,320) on Google for breaching the local communications law, after the tech firm received similar penalties in other countries including the US, France, Germany and Belgium.
The KCC has cited plans to cooperate with other states, including the US, Japan and countries in the European Union, if an international investigation is initiated. UK data protection officials are currently looking into the matter, according to CNN Tech.
The current case has reignited fresh concerns over the management of private data and the need for stronger regulations and financial penalties for companies -- particularly those whose services are widely used by the public -- that breach data protection laws.
In Korea, smartphones running on Google’s Android OS, including phones produced by Samsung Electronics and LG Electronics, make up the majority. Android devices are estimated to account for around 80 percent of Korea’s smartphone market.
By Sohn Ji-young/The Korea Herald (firstname.lastname@example.org)