Turkey’s data authority warns about remote learning platforms

As tens of millions of people turn to videoconferencing to stay connected during the coronavirus pandemic, some applications pose security risks and create legal loopholes, the Turkish data privacy authority has warned.

"It has been observed that on the distance education platforms personal information including names and surnames of the students and some private personal data, such as voice and image samples that can be regarded as biometric data, are being processed," said a statement by the Personal Data Protection Authority (KVKK).

"Most of the softwares used for distance learning are serving through cloud service providers and the data centers of these softwares are usually based abroad," it added.

Data transfer to a foreign country can breach the Protection of Personal Data Law, said the KVKK. urging the users to read the Personal Data Security Guide carefully and the authority board's decision on the responsibilities data controllers dated Jan. 31, 2018, before using those applications.

In a separate announcement on March 24, the KVKK said: "By taking into account that the different operational implementations [remote working, shift working etc.] are used with respect to the measures taken by data controllers, for each complaint or data breach notification, it is announced to the public respectfully that the Personal Data Protection Board will pay regard to the extraordinary conditions that we are in."

The Personal Data Protection Authority was established under the Protection of Personal Data Law in 2016. Defined as a public legal entity with administrative and financial autonomy, it is composed of the Personal Data Protection Board and the Presidency.

Recently, the Education Ministry issued a warning to the...