Turkey slaps WhatsApp with $235K fine over privacy law breach
Turkey's Personal Data Protection Board (KVKK) on Friday imposed an administrative fine of TL 1.95 million ($235,000) on WhatsApp for not taking the necessary technical and administrative measures to prevent the unlawful processing of personal data, Daily Sabah reported.
Making the application’s services subject to the precondition of explicit consent is against the law on the protection of personal data in Turkey.
Furthermore, obtaining a single explicit consent from users for the processing of their personal data and its transfer to third parties abroad, without providing an optional right, and that this was presented inseparably in a single text, muddled the "disclosure with free will" of express consent.
The use of the application is tied to the transfer condition, and in this context, it was determined that this practice of the data controller violates the principle of "compliance with the law and honesty rules" in Article 4 of the Law, taking into account that the data controller acts without taking into consideration users’ interests.
The statement noted that the data controller acted against the principles of "processing for certain, clear and legitimate purposes" and "being connected, limited and proportional to the purpose for which they were processed" in Article 4 of the Law.
All kinds of processing activities such as the saving, storing, changing, and transferring of the personal data obtained by the data controller from the data subjects in Turkey took place abroad unless the servers were located in Turkey. It was noted that, thus, the responsible person did not act per Article 9 of the Law.
Explicit consent was not obtained from the relevant persons regarding the personal data processing activity to be carried out through cookies for profiling purposes, and the personal data processing activity carried out within this scope was also not under the law, the statement also noted.
Earlier on Thursday, WhatsApp was fined a record €225 million ($267 million) by Ireland’s data privacy watchdog for breaching EU data protection rules.
The Data Protection Commission (DPC) Thursday handed down the penalty on the Facebook-owned messaging service after a three-year investigation that found WhatsApp committed “severe” and “serious” violations of the EU’s General Data Protection Regulation (GDPR).