KVKK imposes a small fine on the TikTok platform



The Personal Data Protection Authority (KVKK) announced today that it has imposed a small fine on TikTok, one of the biggest platforms.

The Personal Data Protection Authority decided to impose a very small administrative fine of 1.750.000 TL on the TikTok platform, which is also very popular in Turkey, “on the grounds of viewing personal information of children and collecting data without permission.” The official statement on this matter is as follows:

“Regarding the TikTok application, there are various news reports and complaints on the internet and social media platforms that express consent is not duly obtained under the Personal Data Protection Law (Law) No. 6698, that there are illegalities in obtaining and storing personal data, and that there are many security gaps in the software. Based on this, it was decided by the Personal Data Protection Board to initiate an ex officio investigation within the scope of paragraph (1) of Article 15 of the Law No. 6698. As a result of the defense letters received from the data controller and the related Privacy Policy and Terms of Service, with the Decision No. 2023/134 of the Personal Data Protection Board;

  • Although it is stated that TikTok’s Privacy Policy was updated in January 2021 and that, as a result of the update, the default privacy setting for user accounts between the ages of 13 and 15 was changed to “private”, so that the videos shared can be viewed only by the followers approved by the user and the people who can download the videos and comment are limited; the fact that, before the specified update, profiles were displayed as public by default with no restriction on interaction poses a risk within the scope of accessing the data of users in the sensitive age group, and it also shows that adequate measures are not taken to reduce the risks by determining the risks related to the users,
  • Before the Privacy Policy was updated in January 2021, the personal information of children under the age of 13 using the application was viewed and data was collected about children without appropriate parental consent, so there is a risk of negative consequences for children who used the application,
  • In the Confidentiality Agreement on the website of the data controller, all the processing conditions in Article 5 of the Law on the Protection of Personal Data are specified, but no clear information is given about which personal data is processed for what purpose and on which processing condition, and the principles of “processing for specific, clear and legitimate purposes” and “being connected, limited and proportional to the purpose for which they are processed” in Article 4 are violated,
  • While creating a TikTok account, it was stated that if users continue to create an account, they will be deemed to have accepted the Terms of Service (Terms of Use) and Privacy Policy; however, the relevant text has not yet been translated into Turkish when approval of the Terms of Service is obtained, therefore the content is not presented to users in an easy-to-understand way and it is possible that users accept the terms of use without fully understanding them,
  • There is no case of obtaining explicit consent when creating an account on the platform or when creating an account and using it actively; TikTok’s Privacy Policy is essentially a text prepared to fulfill the obligation to enlighten, but it is also used instead of the explicit consent text; therefore, pursuant to subparagraph (f) of Article 5 of the Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation of Disclosure, the requirement to fulfill the express consent separately from the obligation to inform, in terms of personal data processing activities carried out based on the express consent condition,
  • The data controller does not obtain explicit consent from the relevant persons regarding the personal data processing activity carried out using cookies for profiling purposes, and the personal data processing activity carried out within this scope is also not in accordance with the law.

As this is understood, to impose an administrative fine of 1,750,000 TL, in accordance with subparagraph (b) of paragraph (1) of Article 18 of the Law, on the data controller, who is determined not to have taken all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent the illegal processing of personal data in paragraph (1) of Article 12 of the Law,

In addition, it has been decided to instruct the data controller in regard to:

  • Translating the Terms of Service into Turkish within one month in order to inform the relevant persons correctly,
  • Making the aforementioned Privacy Policy texts comply with the Law within three months in order to inform the relevant persons correctly,
  • Since it is understood that the Privacy Policy is used instead of the illumination text and does not contain the elements of a valid illumination, providing a clarification in accordance with the provisions of Article 10 of the Law and the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Clarification Obligation.”
