Turkish personal data protection watchdog fines Facebook £271,000 over data breach
Turkey’s Personal Data Protection Authority (KVKK) has imposed a fine of 1,650,000 Turkish lira (€245,000) against Facebook, for a data breach and failure to report the incident to the authorities.
The KVKK launched an investigation of the social media giant over an API bug that allows third-party applications to access users’ photos.
The company admitted that the breach, which occured over a 12-day period between September 13 and 25, “may have affected up to 6.8 million users and up to 1,500 apps built by 876 developers.”
Failed to take timely action
The Turkish data protection authority found that Facebook failed to take action to intervene in the breach, and also failed to take proper technical and administrative measures. The data leak was a breach of Article 12 of the Law No. 6698 of the Protection of Personal Data.
Consequently, a fine of TL 1.1 m,illion was imposed for failure to meet data security liabilities. An additional fine of TL 550,000 was imposed for Facebook’s failure to notify the KVKK regarding the leak.
The KVKK said approximately 300,000 individuals in Turkey may have been affected by the data breach.