Kakao Corp.
Headquartered in South Korea, Kakao provides online search, social networking, video streaming, games, and e-commerce services to an estimated 54 million global monthly active users. The company derives its revenues from advertising, game sales, and e-commerce.
Once again, Kakao earned the highest score out of all non-U.S. platforms, with the company’s performance showing slight improvements across all categories. Kakao’s flagship chat app, KakaoTalk, was the most transparent messaging and Voice over Internet Protocol (VoIP) service regarding its policies and practices related to freedom of expression.
With respect to privacy, however, Kakao’s transparency improved only slightly from the 2022 RDR Index, KakaoTalk was the least transparent messaging and VoIP service in this area. In May 2024, the company was fined by the Personal Information Protection Commission (PIPC) of South Korea for failing to disclose a data breach on KakaoTalk. Kakao was found responsible for using the same unique user ID numbers for both private and public chats, thereby compromising anonymity. Though IDs were encrypted, a security vulnerability meant that they were easily exposed. The PIPC claimed that Kakao had failed to report the data breach or notify the affected users, reflecting a gap between the company’s policy commitment to human rights, including privacy, and its actual practices. Notably, Kakao did not provide detailed information about its approach to notifying users or the specific steps it takes to address data breaches internally. Although Kakao’s privacy policy mentioned informing users of any data breach “without delay,” it did not mention whether authorities would be informed with the same urgency.
In August 2024, KakaoPay, Kakao’s mobile payment and digital wallet service, was accused of sharing the data of over 40 million users with Alipay, Alibaba’s e-wallet service, without their consent. The data shared included email addresses, mobile phone numbers, and transactions. Kakao argued that the data was shared as part of a business collaboration, which meant it was not sharing customer information with a third party and consent was not required. In the 2025 RDR Index, Kakao disclosed that it shares user information with third parties. It also disclosed who some of those third parties are. However, the disclosure was general and did not include the third parties involved for every scenario in which the company shares users’ data. Furthermore, the Financial Supervisory Service, South Korea’s financial regulator, stated that Kakao uses a simple and overly vulnerable encryption program—something Kakao has denied. While Kakao disclosed that users’ communications are encrypted by default, it did not state that end-to-end encryption or full-disk encryption is enabled by default.
The 2025 RDR Index: Big Tech Edition covers policies that were active on August 1, 2024. Policies that came into effect after August 1, 2024, were not evaluated for this benchmark.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Kakao did not disclose that it conducted human rights impact assessments on processes for policy enforcement, targeted advertising, or algorithmic systems (G4b, G4c, and G4d). Despite Kakao Mobility, a transportation subsidiary, and South Korean telco LG UPlus partnering on a zero-rating program that allows subscribers to use Kakao’s navigation service without mobile data, it provided no evidence of any impact assessments related to zero-rating either (G4e). However, the company disclosed a policy commitment to human rights, including freedom of expression and information (G1). In addition, Daum Search and Daum Mail disclosed procedures on privacy-related grievances (G6a).
Kakao led the 2025 RDR Index in transparency on its process for responding to private requests for content or account restriction (F5b). KakaoTalk achieved the highest score in freedom of expression due to its comprehensive disclosure. For example, KakaoTalk was the most transparent of all of Kakao’s services in disclosing the process it uses to identify content or accounts that violate the company's rules (F3a). However, Daum Search was the only Kakao service with an algorithmic system use policy (F1d), while no disclosure was found for the company’s targeted advertising policies (F1c).
Kakao stated that it does not respond directly to private requests for user information. However, the company did not clarify any alternative process for addressing these requests (P10b), nor did it disclose any relevant data about such requests (P11b). Kakao informed users about third-party requests for their data but did not outline situations in which it does not inform users about these requests (P12). Kakao disclosed no policies on the inference of user data (P3b) and provided little information on how it collects information from third parties (P9).