According to the Financial Supervisory Service (FSS), the company has shared data of 40.45 million users, totaling 54.2 billion pieces of personal credit information, with Alipay since April 2018.
The regulator is currently reviewing whether this practice violates relevant laws, including the Credit Information Use and Protection Act. If a violation is confirmed, the FSS will proceed with imposing sanctions, the agency said.
Alipay, which is affiliated with Ant Group, the financial services arm of Alibaba Group, is Kakao Pay’s second-largest shareholder.
The data transfer was uncovered during an on-site inspection of Kakao Pay's overseas payment division from May to July.
Kakao Pay reportedly handed over the information as part of outsourcing the reprocessing of personal credit information to facilitate payment services for Apple's App Store.
Under the Credit Information Use and Protection Act, users must consent before their personal credit information can be shared with a third party. Since Alipay is a foreign company, consent for the international transfer of personal information is also required.
Through its partnership with Alipay, Kakao Pay’s service enables domestic customers to make payments at 81 million online and offline member stores of platforms including AliExpress, Temu, Google and Apple across 46 countries.
Kakao Pay has denied any wrongdoing, asserting that the data transfer was part of a normal business consignment arrangement between Kakao Pay, Alipay and Apple. The company claims the arrangement does not require user consent.
“When providing information to Alipay, we applied encryption methods to ensure that users could not be identified and that the information could not be used for purposes other than fraud detection,” Kakao Pay said in a statement.