The Personal Information Protection Commission held a plenary meeting on June 24 and imposed a 210 million won fine on Bithumb for violating rules on overseas transfers of personal data. It also approved a corrective order requiring the company to meet legal requirements for overseas transfers.
The commission began an investigation after a 2025 parliamentary audit raised questions about whether overseas transfers of personal data linked to Bithumb's order book sharing were lawful.
The investigation found that Bithumb transferred personal data overseas without separate consent from data subjects during order book sharing and virtual asset transfer processes with overseas virtual asset exchanges.
According to the commission, Bithumb shared an order book with an overseas exchange in the Tether (USDT) market from September to November 2025. Data subjects gave separate consent for an overseas transfer of personal data to the Stellar exchange, but the investigation found that member numbers and order information were actually transferred overseas to a system operated by another exchange, bingx.com.
The commission also established privacy guidelines for blockchain services, taking into account blockchain technology characteristics it analyzed during the investigation. The guidelines set out measures to prevent on-chain information disclosure and tracking in light of transparency, manage information sharing among participants in light of decentralisation, and dispose of personal data in light of immutability.
The commission said it will continue to respond strictly to violations of the Personal Information Protection Act, including unlawful overseas transfers of personal data, so that the public's right to informational self-determination is not infringed. It also said it will continue to set necessary standards so that personal data protection and safe use can be balanced in environments involving new technologies.