Turkish data authority slaps X with fine for misusing user data
The Turkish Personal Data Protection Authority (KVKK) has fined social media platform X for misusing user data. X collected personal data for security purposes but then used it for targeted advertising.
The authority imposed ₺1.47 million ($42,774) administrative fine on X, citing violations of data security regulations.
KVKK initiated an investigation following reports, including a statement on X’s website, revealing that email addresses and phone numbers collected for “security and safety purposes” were inadvertently used for advertising.
The authority concluded that X had not implemented the necessary technical and administrative measures to ensure adequate security in line with Türkiye’s Personal Data Protection Law No. 6698.
Data authority warns of potential third-party access
The KVKK expressed concern that personal data collected for security purposes might have been accessed by third parties.
Given the large number of X users in Türkiye, the authority determined that this data usage violated fundamental data protection principles, specifically “compliance with law and good faith” and “limitation to purpose.”