Turkey's Personal Data Protection Board (KVKK) on Friday imposed an administrative fine of TL 1.95 million ($235,000) on WhatsApp for not taking the necessary technical and administrative measures to prevent the unlawful processing of personal data.
Making the application’s services subject to the precondition of explicit consent is against the law on the protection of personal data in Turkey.
Furthermore, obtaining a single explicit consent from users for the processing of their personal data and its transfer to third parties abroad, without providing an optional right, and that this was presented inseparably in a single text, muddled the "disclosure with free will" of express consent.
The use of the application is tied to the transfer condition, and in this context, it was determined that this practice of the data controller violates the principle of "compliance with the law and honesty rules" in Article 4 of the Law, taking into account that the data controller acts without taking into consideration users’ interests.
The statement noted that the data controller acted against the principles of "processing for certain, clear and legitimate purposes" and "being connected, limited and proportional to the purpose for which they were processed" in Article 4 of the Law.
All kinds of processing activities such as the saving, storing, changing, and transferring of the personal data obtained by the data controller from the data subjects in Turkey took place abroad unless the servers were located in Turkey. It was noted that, thus, the responsible person did not act per Article 9 of the Law.
Explicit consent was not obtained from the relevant persons regarding the personal data processing activity to be carried out through cookies for profiling purposes, and the personal data processing activity carried out within this scope was also not under the law, the statement also noted.
Earlier on Thursday, WhatsApp was fined a record €225 million ($267 million) by Ireland’s data privacy watchdog for breaching EU data protection rules.
The Data Protection Commission (DPC) Thursday handed down the penalty on the Facebook-owned messaging service after a three-year investigation that found WhatsApp committed “severe” and “serious” violations of the EU’s General Data Protection Regulation (GDPR).
“This decision contained a clear instruction that required the DPC to reassess and increase its proposed fine based on several factors contained in the EDPB's decision and following this reassessment the DPC has imposed a fine of €225 million on WhatsApp,” the commission said in a statement.“In addition to the imposition of an administrative fine, the DPC has also imposed a reprimand along with an order for WhatsApp to bring its processing into compliance by taking a range of specified remedial actions.”
The investigation, launched in December 2018, examined whether WhatsApp had fulfilled its GDPR transparency obligations regarding the provision of information and transparency of that information to users and non-users of the service.
Please click to read our informative text prepared pursuant to the Law on the Protection of Personal Data No. 6698 and to get information about the cookies used on our website in accordance with the relevant legislation.
6698 sayılı Kişisel Verilerin Korunması Kanunu uyarınca hazırlanmış aydınlatma metnimizi okumak ve sitemizde ilgili mevzuata uygun olarak kullanılan çerezlerle ilgili bilgi almak için lütfen tıklayınız.