Turkey's data protection authority, the KVKK, announced a fine of 18,000 TL for a violation of the purpose limitation principle in the country's Law on the Protection of Personal Data No. 6698. The violation is related to a consumer's phone number being provided to a third party without legitimate purpose. The data controller's actions breached Article 7 of the LPPD, which requires deletion or anonymization of data when there's no longer a legal basis for processing. (Original post is in Turkish.)
If you want to comment on this post, you need to login.