Some security experts are portraying Turkey’s decision to fined Facebook $281,000 after a data breach that exposed the personal information of hundreds of thousands of users in that nation as an inadequate slap on the wrist.
The social media giant was fined $201,000 for the breach and about $79,000 for failing to provide notice of the breach.
The exposed data included name, gender, birthday, relationship status, educational background, religion, hometown, personal data and location information, according to the website of KVKK (Kişisel Verileri Koruma Kurumu), Turkey’s data protection authority.
A statement on KVKK’s website says that the 2018 data exposure was caused by to an error in the interaction of three different features of the Facebook system: “see-through the eyes of someone else,” “birthday celebrator” and “video uploader.”
In May, Turkey’s Personal Data Protection Authority fined Facebook $290,000 after a separate data breach.
And in the U.S., the Federal Trade Commission fined Facebook $5 billion in June for various privacy violations.
For about 12 days in September 2018, third-party applications were able to access photos and other details on users due to an API bug, KVKK reports. Worldwide, the bug potentially affected nearly 7 million users, authorities say.
The KVKK investigation concluded that a system weakness existed for 14 months, which shows that necessary tests and controls were not made. “The features should have been tested before opening it to the public. Insufficient tests are a breach of data security obligation which requires taking administrative and technical measures to avoid data breaches,” the KVKK notes.
Ray Walsh, digital privacy expert at ProPrivacy.com., a U.K.-based organization for digital privacy, says Turkey’s decision to fine Facebook could be a “sign of things to come, with the door now open for other countries to follow suit and potentially issue fines of their own.”
But Walsh says fines need to be much higher to have a real impact.
“It is becoming increasingly obvious that Facebook can afford to pay fines easily. While penalties are fine, the watchdogs cannot make a mockery of these fines,” he says.
Kaynak : https://www.bankinfosecurity.co.uk/turkey-fines-facebook-after-data-breach-a-13199