Digital Identity , Governance & Risk Management , Privacy

Turkey Fines Facebook After Data Breach

Some Observers Call the Penalty Inadequate
Turkey Fines Facebook After Data Breach

Some security experts are portraying Turkey’s decision to fined Facebook $281,000 after a data breach that exposed the personal information of hundreds of thousands of users in that nation as an inadequate slap on the wrist.

See Also: An Identity Security-first Approach to the Evolving Threat Landscape

The social media giant was fined $201,000 for the breach and about $79,000 for failing to provide notice of the breach.

The exposed data included name, gender, birthday, relationship status, educational background, religion, hometown, personal data and location information, according to the website of KVKK (Kişisel Verileri Koruma Kurumu), Turkey’s data protection authority.

A statement on KVKK’s website says that the 2018 data exposure was caused by to an error in the interaction of three different features of the Facebook system: "see-through the eyes of someone else," "birthday celebrator" and "video uploader."

In May, Turkey’s Personal Data Protection Authority fined Facebook $290,000 after a separate data breach.

And in the U.S., the Federal Trade Commission fined Facebook $5 billion in June for various privacy violations.

What Happened?

For about 12 days in September 2018, third-party applications were able to access photos and other details on users due to an API bug, KVKK reports. Worldwide, the bug potentially affected nearly 7 million users, authorities say.

The KVKK investigation concluded that a system weakness existed for 14 months, which shows that necessary tests and controls were not made. “The features should have been tested before opening it to the public. Insufficient tests are a breach of data security obligation which requires taking administrative and technical measures to avoid data breaches,” the KVKK notes.

Ray Walsh, digital privacy expert at ProPrivacy.com., a U.K.-based organization for digital privacy, says Turkey's decision to fine Facebook could be a “sign of things to come, with the door now open for other countries to follow suit and potentially issue fines of their own.”

But Walsh says fines need to be much higher to have a real impact.

“It is becoming increasingly obvious that Facebook can afford to pay fines easily. While penalties are fine, the watchdogs cannot make a mockery of these fines,” he says.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.