In the decision numbered 2023/134 published by the Personal Data Protection Board (“Board”) on March 1, 2023, an administrative fine was imposed on the Tiktok application on the grounds that it violated the provisions of obtaining and processing personal data of the Personal Data Protection Law (“DP Law”).
In this decision;
- In the Confidentiality Agreement on the website of the application, all of the processing conditions in Article 5 of the DP Law are stated, but since there is no clear information about which personal data is processed for what purpose and on the basis of which processing condition, the principles of “processing for specific, explicit and legitimate purposes” and “being connected, limited and proportionate to the purpose for which they are processed” in Article 4 of the DP Law are violated,
- Explicit consent was not obtained from the data subjects regarding the personal data processing activity carried out by TikTok using cookies for profiling purposes and the personal data processing activity carried out within this scope is not in accordance with the law
it was decided to impose an administrative fine of TRY 1,750,000 on Tiktok, which was determined that they did not take all necessary technical and administrative measures to ensure the appropriate level of security in order to prevent unlawful processing of personal data.
You can access the summary of the decision numbered 2023/134 via this link.