TikTok fined – Breaking News
Breaking news!
The Turkish Personal Data Protection Authority (KVKK) imposed a fine on TikTok.
The decision published on the institution's website reports that an investigation was launched ex officio following complaints that "explicit consent" for the social media platform's TikTok application had not been obtained in accordance with the Personal Data Protection Act No. 6698, that personal data was obtained and stored unlawfully, and that the software contains many security vulnerabilities.
In this regard, the decision stated that an ex officio investigation had been launched, that TikTok's privacy policy and terms of service were examined as part of the investigation, and that, with the update to the privacy policy in January 2021, the default privacy setting for accounts of users between the ages of 13 and 15 was changed to "private".
It was stated that, as a result, only followers approved by the user can view the shared videos, and the people who can download and comment on the videos are limited.
"Before the above-mentioned update, the fact that profiles were public by default, with no restriction on viewing or interaction, posed a risk regarding access to the data of users in the sensitive age group, and it also shows that adequate measures were not taken to identify and mitigate the risks to users. For users of the application before the update of the privacy policy in January 2021, it is understood that the personal information of children under the age of 13 was viewed and data was collected from children without proper parental consent, so there is a risk of negative consequences for children who have used the application."
"CONTENT IS NOT EASY TO UNDERSTAND"
The decision stated that TikTok's non-disclosure agreement does not provide clear information about what personal data is processed, for what purpose and under what processing conditions, and that "in this context, it is understood that there is a violation of the principles of 'processing for specified, clear and legitimate purposes' and of relevance, limitation and proportionality to the purpose for which the data are processed."
It was recorded that, when creating a TikTok account, users who continue with account creation are deemed to have accepted the "terms of use" and privacy policy, but that the terms of service text presented for approval had not been translated into Turkish.
The decision, which states that explicit consent is not obtained either when an account is created on the platform or while an account is actively used, and that TikTok's privacy policy is essentially a text drawn up to comply with the disclosure obligation, established the following:
"With regard to the personal data processing activities carried out on the basis of explicit consent, since it is also used in place of the explicit consent text, the requirement under subparagraph (f) of Article 5 of the Communiqué on the procedures and principles to be followed in fulfilling the obligation to clarify, that explicit consent be fulfilled separately from the obligation to inform, has not been met."
THREE MONTHS FOR PRIVACY POLICY TEXTS
It was noted that TikTok has not obtained explicit consent from individuals for the processing of personal data carried out by using cookies for profiling purposes, and that the processing of personal data carried out within this framework is therefore also not in accordance with the law.
The decision included the following considerations:
"Regarding the data controller, which was determined not to have taken all kinds of technical and administrative measures to ensure the appropriate level of security to prevent the unlawful processing of personal data under paragraph (1) of Article 12 of the Act, an administrative fine of 1 million 750 thousand lira is imposed in accordance with subparagraph (b) of paragraph (1), and the controller is instructed to translate the terms of service into Turkish within one month and to bring the texts of the privacy policy into compliance with the law within three months, in order to correctly inform the persons concerned. Since it is clear that the privacy policy is used instead of the disclosure text and does not contain the elements of a valid disclosure, it has been decided to instruct the controller to create a disclosure text in accordance with the provisions of Article 10 of the law and the communiqué on the procedures and principles to be followed in fulfilling the clarification obligation."