Kakao Pay transferred personal credit information to Alipay: Regulator

Kakao Pay Corp. CI

South Korea’s financial regulator announced on Tuesday that it had uncovered that Kakao Pay Corp., a mobile payment and digital wallet service unit under tech giant Kakao Corp., transferred personal credit information to Alipay, a subsidiary of China’s Ant Group, the world’s largest fintech company and the second-largest shareholder of Kakao Pay, without obtaining customer consent.

“During our inspection of Kakao Pay, we discovered that personal credit information was transferred to Alipay without customer consent. We are currently reviewing whether this violates the Credit Information Use and Protection Act and other relevant laws,” a Financial Supervisory Service (FSS) official said. “We will initiate disciplinary procedures if we confirm a violation occurred.”

The financial regulator initially began an inspection related to foreign exchange transactions at Kakao Pay in April and May 2024, uncovering the latest issue during the process.

Kakao Pay is known to have transferred personal credit information to Alipay while outsourcing the reprocessing of personal credit information to provide Apple Inc.’s App Store payment services. According to the Credit Information Act, consent from the individual concerned is required when providing collected personal credit information to third parties. As Alipay is an overseas company, consent for cross-border transfer of personal information is also necessary.

In response, Kakao Pay issued a statement asserting that it “did not engage in any illegal information provision” and that the transfer of information required to provide App Store payment methods was conducted as part of a processing outsourcing arrangement between Kakao Pay, Alipay, and Apple, which does not require user consent.

Kakao Pay argued that consent from the information subject is not required when personal credit information is transferred as part of processing outsourcing under the Credit Information Act. The company also claimed that it applied encryption methods that convert data into random codes when providing information to Alipay, making it impossible to identify individuals, while also asserting that the information provided cannot be used for purposes other than fraud detection.