Turkiye: Issued ruling in KVKK investigation into Twitch for alleged data breach

On 16 November 2024, the Personal Data Protection Authority of Turkey (KVKK) issued a ruling against Twitch with a fine of TRL 2 million lira following a data breach. The KVKK noted that the data breach affected 35'274 individuals in Turkey. The fine is composed of TRL 1.75 for failing to implement adequate technical and administrative measures to secure personal data and TRL 250'000 for not notifying the breach. It was highlighted that Twitch did not properly address system vulnerabilities before the breach and only took security measures after the incident, with insufficient risk identification and threat mitigation. The ruling requires Twitch to take corrective action to comply with data protection regulations.