Global Family Site

Korean Data Protection Agency Fines Bithumb 210 Million Won for Violating Data Transfer Rules

by BAEK SEO HYUN Posted : June 25, 2026, 10:04Updated : June 25, 2026, 10:04
Song Kyung-hee, chairperson of the Personal Information Protection Commission, presides over the 11th full meeting of the commission at the Government Seoul Building on June 10, 2026.
Song Kyung-hee, chairperson of the Personal Information Protection Commission, presides over the 11th full meeting of the commission at the Government Seoul Building on June 10, 2026. [Photo=Personal Information Protection Commission]

The Personal Information Protection Commission (PIPC) has imposed a fine of 210 million won on the cryptocurrency exchange Bithumb for violating regulations on the overseas transfer of personal data.

During a full commission meeting held the previous day, the PIPC announced the fine and issued a corrective order requiring Bithumb to comply with legal requirements for overseas data transfers.

The investigation was initiated after concerns were raised during a National Assembly audit last year regarding the legality of Bithumb's order book sharing service. This service allows exchanges to share buy and sell order information, facilitating cross-execution of trades.

The investigation revealed that Bithumb transferred personal data overseas without user consent while sharing order books with foreign cryptocurrency exchanges.

From September to November last year, Bithumb operated an order book sharing service in the Tether (USDT) market. Although users were informed that their personal data would be transferred to a specific foreign exchange and separate consent was obtained, it was confirmed that member numbers and order information were actually sent to systems operated by other foreign exchanges.

Additionally, during the process of transferring users' cryptocurrency to 13 foreign exchanges, Bithumb provided personal information such as the names and wallet addresses of senders and recipients, as well as birth dates, for anti-money laundering (AML) purposes, without meeting the legal requirements for overseas data transfer.

As a result, the PIPC imposed a fine of 210 million won and ordered Bithumb to obtain separate consent from data subjects for overseas transfers and to clearly disclose the facts and related information in its privacy policy.

Meanwhile, the PIPC has also developed 'guidelines for privacy protection in blockchain services' to reflect the characteristics of blockchain technology identified during the investigation.

The guidelines address key features of blockchain, such as transparency, decentralization, and immutability, and include measures for on-chain information disclosure and tracking prevention, management of personal data sharing among participants, and methods for data destruction.



* This article has been translated by AI.

Copyright ⓒ Aju Press All rights reserved.