Turkiye: Ruling announced against WhatsApp for failing to obtain consent before processing personal data

On 9 September 2021, the Turkish Personal Data Protection Authority (KVKK) sanctioned WhatsApp with a fine of TRY 1.95 million for failing to obtain consent for the processing of personal data. Firstly, under the Turkish Data Protection Law, explicit consent must be obtained for specific data processing activities. The agreement to terms and conditions does not suffice. Secondly, WhatsApp violated Turkish Data Protection law by not being transparent about the type of data to be transferred. The transfer of data by WhatsApp was further also neither proportional nor limited to the transfer purpose stated by WhatsApp. WhatsApp now has to adapt its Terms of Service and Privacy Policy within 3 months to conform with Turkish Data Protection Law.