Sat 04 September 2021:
WhatsApp was fined more than $234,000 on Friday by Turkey’s Personal Data Protection Authority (KVKK) for not taking necessary technical and administrative measures to prevent illegal processing of personal data.
The popular messaging platform updated its Terms of Service and Privacy Policy to include explicit consent to the processing of personal data of users who want to use the app and transfer it to third parties located abroad, KVKK said in a statement.
For this, the company found that users who do not have explicit consent cannot use the app and their accounts will be deleted, the statement said.
As part of the relevant decisions by KVKK, it was decided to officially launch an examination of WhatsApp, especially on data transfer abroad, binding the service to an explicit consent requirement and compliance with general principles.
Although it is stated that the application is based on different data processing conditions in terms of various personal data processing activities and that the explicit consent requirement for personal data processing is a condition referred to as an exception, it was found that the way to obtain the explicit consent of persons concerned was taken by giving consent to the contract due to the definition of the Terms of Service as a contract with the user.
Considering that a single explicit consent is obtained from users for the processing of their data and transfer to third parties residing abroad, without providing an optional right, and the processing and transfer activities are presented to the data subject inseparably in a single text by making a provision regarding the transfer in the contract, it was stated that the “free-will disclosure” element was damaged.
When it is taken into account that people were forced to approve the contract as a whole, explicit consent was tried to be eliminated, the use of the application was subject to the transfer requirement, and in this context, it was determined that the application of the data controller was contrary to the principle of “compliance with the law and the rules of honesty.”
It was stressed that the platform is acting contrary to the principles of “processing for specific, clear and legitimate purposes” and “being connected, limited and restrained to the purpose for which they were processed”.
All kinds of processing activities such as saving, storing, modifying, transferring personal data obtained by the data controller from the relevant persons in Turkey mean the transfer of personal data abroad unless the servers are located in Turkey, said KVKK.
It was stated that expressed consent was not obtained from relevant persons regarding the personal data processing activity to be carried out through cookies for profiling purposes, and the personal data processing activity carried out within this scope is also not in accordance with the law.
For these reasons, the statement said WhatsApp was fined 1.95 million TL (over $234,000).
The platform received a record fine of $267 million on Thursday by the EU for violating the General Data Protection Regulation.
-AA
_____________________________________________________________________________
FOLLOW INDEPENDENT PRESS:
TWITTER (CLICK HERE)
https://twitter.com/IpIndependent
FACEBOOK (CLICK HERE)
https://web.facebook.com/ipindependent
Think your friends would be interested? Share this story!