Before western governments got wise to the threat posed by Facebook to their democracies – not to mention someone to blame in case legitimate election results went terribly wrong from the point of view of the ruling elite – there was Turkey.
This NATO member and EU candidate has in the past been involved in digital skirmishes with some of the most influential social media platforms – including by temporarily blocking them – by and large in an apparent attempt to limit their reach and influence in society, for political purposes. But now things have gotten technical – going from skirmishes to what might become a pitched battle – as Ankara appears to be keeping a close eye on tech giants’ activities and woes, and ready to exploit, so to speak, any and every of their weaknesses.
And those are many these days. One was announced last December by Facebook, regarding what the company said was an API bug that allowed third-party app developers access to photos uploaded by its users. As many as 6.8 million Facebook users may have been affected, the company disclosed at the time, explaining that the breach had been ongoing for 12 days in September 2018.
Turkey’s personal data protection watchdog, KVKK, has now imposed a fine on Facebook equivalent to some $270,000 in local currency – for the data breach related to this very disclosure. Surely just pocket money for a company that has billions of users and hundreds of billions in revenues – but perhaps useful to Turkey as yet another shot across Facebook’s bow.
KVKK has announced that 300,000 Turkish users may have been affected by the photo API bug, and in addition to ordering Facebook to pay the fine, it reprimanded the company for not acting earlier and not notifying Turkish authorities in time, as there had been indications of trouble in the API well before the disclosure.
But that’s not all, as KVKK is still investigating another fiasco Facebook has had to reveal – namely, a separate September 2018 security incident when personal data of a reported 30 million users was said to have been stolen by unidentified hackers.