Kakao Corp.
Headquartered in South Korea, Kakao provides online search, social networking, video streaming, games, and e-commerce services to an estimated 54 million global monthly active users. The company derives its revenues from advertising, game sales, and e-commerce.
Kakao earned the highest score of all non-U.S. platforms. Kakao’s flagship chat app, KakaoTalk, dominates the mobile messaging market in South Korea. The company has come under fire for leveraging its user base to expand into areas of the economy traditionally associated with smaller businesses, such as hair salon reservations and delivery services. In 2021 Kakao founder and chairman Kim Beom-su was brought before the National Assembly and accused of abusing market power and threatening the existence of small-scale “mom-and-pop” businesses.
Kakao faced other major scandals in early 2021. In one instance, users discovered that Kakao’s mapping app was including their personal data in publicly accessible maps. The company explained that users had (perhaps unknowingly) agreed to share this information publicly, but swiftly changed its settings at the behest of South Korea’s Personal Information Protection Commission. In another case, a chatbot built by ScatterLab (a third-party app developer) used abusive and discriminatory language in conversations with real users on KakaoTalk, and publicly shared personal data, including people’s real names and addresses, on the platform. Though the bot’s messages seem to have violated KakaoTalk’s terms of service, the company offered no public response to the incident. Kakao maintains only vague policies about the governance of bots on its platform and does not publish moderation data specific to the platform, making it unclear how well it enforces the policies that do exist.
As part of its response to public criticism, Kakao launched a committee within its board of directors that is responsible for overseeing high-level environmental, social, and governance (ESG) issues at the company. This includes concerns related to freedom of expression—where Kakao has stronger policies than Apple, Meta, and South Korean peer Samsung—and privacy. The company nevertheless has much work to do across the spectrum of human rights and ESG risks that come with the territory.
The 2022 Big Tech Scorecard covers policies that were active on November 1, 2021. Policies that came into effect after November 1, 2021, were not evaluated for this ranking.
Scores reflect the average score across the services we evaluated, with each service weighted equally.
We rank companies on their governance, and on their policies and practices affecting freedom of expression and privacy.
Despite disclosing an overall commitment to protecting human rights (G1), Kakao did not indicate that it carried out human rights impact assessments on its targeted-advertising practices, use of algorithmic systems, or zero-rating practices (G4c, G4d, G4e). Kakao engages in zero rating through a partnership between its subsidiary for transportation services and South Korean telco LG Uplus. The company enabled users to file complaints about privacy and freedom of expression, disclosing more about this process than any other digital platform we evaluated (G6a).
Kakao’s policies affecting users’ freedom of expression were clearer and more comprehensive than corresponding policies for both Meta and Yahoo. It disclosed more about its process for handling private requests to restrict content or accounts than all the digital platforms we evaluated (F5b) and explained for the first time how its Daum Search engine ranks content (F1d). However, it failed to explain how its advertising policies are enforced (F3b, F3c).
The company explained what user information it shares more thoroughly than any other digital platform (P4), but disclosed nothing about what it inferrs (P3b) and little about how it collects information from third parties (P9). Although it allowed users to block targeted advertising (P7), their overall access to and control over their own information was limited. Kakao did not publish sufficient information about its security vulnerability reporting system (P14) or its process for addressing data breaches (P15).