Turkey’s Personal Data Protection Board (KVKK) has imposed a 2 million lira ($58,000) fine on Amazon’s popular gaming platform, Twitch, following a significant data breach that affected 35,274 individuals in the country. The breach, which resulted in a 125 GB data leak, prompted an investigation by KVKK. The regulator found that Twitch had failed to implement adequate security measures prior to the breach, and did not sufficiently assess the associated risks or threats.
As part of the investigation, KVKK concluded that Twitch’s security infrastructure was not up to par, with insufficient safeguards in place to protect user data. The breach was not discovered or addressed until after the damage had already been done, leading to a delay in mitigating the consequences. The failure to act in advance contributed to the severity of the leak, which raised concerns over the platform’s data protection practices.
In addition to the fine for inadequate security, KVKK also penalized Twitch with an additional 250,000 lira for failing to report the breach within the required timeframe. The regulator emphasized the importance of transparency in such cases, noting that timely reporting is crucial for mitigating risks and protecting affected individuals. This fine highlights the growing scrutiny over data protection and privacy practices for global platforms operating in Turkey.
Twitch has yet to release an official statement on the fine, and it remains unclear whether the company plans to appeal the decision. The penalty serves as a reminder to all tech platforms about the critical importance of robust data security and timely breach reporting. The case underscores Turkey’s commitment to enforcing stringent data protection regulations, as the country continues to strengthen its digital security framework.
Reference:
