The Personal Data Protection Authority (KVKK) has seen new developments in the investigation it launched against Facebook as part of its "data security breach" and "data abuse" research. In response to the information KVKK officials requested about Facebook's data processing system, Facebook sent a 30-page plea to the organization. The authority is expected to complete the investigation of the company soon and disclose the result to the public.
Speaking to Sabah on the issue of personal data, KVKK Chairman Faruk Bilir said that any data that distinguishes someone from others in a community is personal data, regardless of whether it is the color of the jacket, name, surname and ID number. Underlining that the regulation introduced on the issue is compatible with European standards, Bilir noted that the law gives great importance to special personal data. "This is because the acquisition of such information can lead to victimization of person or discrimination. The information about a person's race, religion, sect, appearance, health, sexual life, association and foundation and association membership constitutes sensitive data. The law provides further protection for such data," he added.
Bilir stated that they received a number of complaints about sending notifications via SMS, continuing, "Our resolution on unauthorized SMSs and calls with ad content has been issued. This resolution is aimed at preventing the forwarding of advertising notifications to email addresses or via SMS or call and without the explicit consent of the persons or without the conditions specified in the law are fulfilled. In this context, SMSs and calls in question must be stopped immediately. Otherwise, data officers will face administrative fines."
Bilir also provided information on the "data security breach" investigation that they initiated against Facebook at the end of last year, saying that international companies fall within the scope of Turkish laws when processing data in Turkey. Accordingly, they need to appoint a representative in Turkey. The investigation on Facebook started in 2018, requesting some information about Facebook's data processing system. In response, they sent a 30-page plea. The KVKK board is yet to assess the document but is expected to assess it soon.
Bilir emphasized that even if personal information is given to social media organizations with explicit consent, this data cannot be used for other purposes. Speaking on Data Officers Registry Information System (VERBİS), Bilir stated that both data processing companies in Turkey and non-resident legal entities must register in VERBİS. For this, they need to appoint a representative. The process is yet to be completed and will continue until October 2019. VERBİS registration for public institutions will start on April 1. "Everyone will be obliged to let us know what data they keep. However, no data will be available in our institution. I think companies like Facebook, Twitter and Google will register in VERBİS as well," he told.
Highlighting that the law stipulates administrative fines on those responsible for personal data, Bilir expressed that if the disclosure requirement is not fulfilled, if VERBİS is not registered, if data security is violated and the necessary measures are not taken; the law imposes administrative fines on them. To date, about TL 2 million has been fined.
Explaining that individuals' applications regarding data violations increased in 2018, Bilir said that some 402 complaints, 56 notices and 63 data violation notifications have been made so far. Approximately 207 of them have been concluded. Also, 22 of the data infringement notices were published. On the other hand, ALO 198, KVKK Information Hotline, receives some 300 calls on a daily basis and some 8,000 calls on a monthly basis.