Turkish watchdog issues fine to Facebook

Turkey’s government watchdog has fined Facebook for a data breach.

Turkeys Personal Data Protection Authority (KVKK) has fined Facebook 1.65 million lira ($270,976.01) in April 2019, due to a data breach.

The fine follows Facebook’s report of a data breach in December 2018, when a photo API bug allowed third-party applications access to Facebook user photos. KVKK stated that the breach affected more than 300,000 users in Turkey, and Facebook not intervening in time exhibited their deficiencies in technical precautions.

At the time of the breach, the API bug could have exposed the private photos of 6.8 million users. The bug had been present between September 13 to September 25, 2018. The fine is for Facebook’s failure to react in a timely manner or to take action to fix the bug, as well as the failure to notify the Turkish authorities of the breach.

This is not the first interaction the KVKK have had with Facebook. Facebook may soon face another investigation with regards to a severe data breach in which unknown attackers exploited three bugs to steal the personal details of 30 million users, as well as the data breach in March whereby Facebook admitted to storing users’ passwords in plaintext.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.