Turkey fines WhatsApp $235,000 over data breach

Turkey fines WhatsApp $235,000 over data breach

ANKARA

Turkey on Sept. 3 joined a host of other countries in fining Facebook's ubiquitous WhatsApp messaging service for failing to sufficiently protect user data.

The 1,950,000-lira ($235,000, 200,000-euro) penalty was imposed after months of confusion over whether WhatsApp had introduced its controversial new data-sharing rules in Turkey.

The popular messaging platform updated its Terms of Service and Privacy Policy to include explicit consent to the processing of personal data of users who want to use the app and transfer it to third parties located abroad, Personal Data Protection Authority (KVKK) said in a statement.

For this, the company found that users who do not have explicit consent cannot use the app and their accounts will be deleted, the statement said.

As part of the relevant decisions by KVKK, it was decided to officially launch an examination of WhatsApp, especially on data transfer abroad, binding the service to an explicit consent requirement and compliance with general principles.

Although it is stated that the application is based on different data processing conditions in terms of various personal data processing activities and that the explicit consent requirement for personal data processing is a condition referred to as an exception, it was found that the way to obtain the explicit consent of persons concerned was taken by giving consent to the contract due to the definition of the Terms of Service as a contract with the user.

Considering that a single explicit consent is obtained from users for the processing of their data and transfer to third parties residing abroad, without providing an optional right, and the processing and transfer activities are presented to the data subject inseparably in a single text by making a provision regarding the transfer in the contract, it was stated that the “free-will disclosure” element was damaged.

When it is taken into account that people were forced to approve the contract as a whole, explicit consent was tried to be eliminated, the use of the application was subject to the transfer requirement, and in this context, it was determined that the application of the data controller was contrary to the principle of "compliance with the law and the rules of honesty."

It was stressed that the platform is acting contrary to the principles of "processing for specific, clear and legitimate purposes" and "being connected, limited and restrained to the purpose for which they were processed".

All kinds of processing activities such as saving, storing, modifying, transferring personal data obtained by the data controller from the relevant persons in Turkey mean the transfer of personal data abroad unless the servers are located in Turkey, said KVKK.

It was stated that expressed consent was not obtained from relevant persons regarding the personal data processing activity to be carried out through cookies for profiling purposes, and the personal data processing activity carried out within this scope is also not in accordance with the law.

The decision came one day after Ireland - which houses the European headquarters of Facebook - fined WhatsApp 225 million euros for similar data offenses. 

Moscow fined the two services and Twitter in August for failing to store data of Russian users on local servers.

LATEST NEWS

  1. Russia hits Ukrainian energy sites in 'massive' overnight attack

  2. IMF opens $8.1 billion credit line for Colombia

  3. Ship attacked by missiles off Yemen coast

  4. US sets up board to advise on safe, secure use of AI

  5. Russia targets Ukraine railways as Western aid due to arrive
Recommended

Lawyers set to convene for ‘defense rally’

Local strawberry boom reshaping rural economies

New Atatürk monument marks iconic photo spot 109 years on

Edirne hotel bookings surge ahead of spring festivities

Education Ministry unveils major curriculum change

NATO needs Türkiye and its leadership: Dutch PM

Erdoğan says Türkiye cuts economic ties with Israel
WORLD

Russia hits Ukrainian energy sites in 'massive' overnight attack

Russia launched a "massive" missile strike at Ukraine overnight, hitting energy facilities and damaging power plants in several regions, officials in Kyiv said on Saturday.
ECONOMY

IMF opens $8.1 billion credit line for Colombia

The International Monetary Fund said Friday it will open a $8.1 billion credit line for the government of Colombia, part of a program to help states avoid crisis situations.
SPORTS

Tour of Türkiye embarks on 8-stage journey

The 59th Presidential Cycling Tour of Türkiye (TUR) kicks off on April 21 in the Mediterranean resort city of Antalya with the participation of 25 professional cycling teams.