July 2023 - In June 2023, the Turkish Personal Data Protection Authority (the "DPA") published four data breach notifications and one public announcement. During the month, the DPA also organised two seminars, released two podcast episodes, and issued an academic journal featuring articles on various topics.
This two-minute recap provides a brief overview of these activities, keeping you informed of recent developments in Turkish DP Law.
The DPA clarifies concerns on personal data leakage from public institutions
The DPA made an announcement in response to various news reports circulating on news channels and social media platforms, claiming that, "citizens' personal data had been leaked from public institutions". In its announcement, the DPA categorically refuted the news about the personal data leakage from public institutions!
The DPA declared that it has reviewed 1,001 data breach notifications received from data controllers and made ex officio investigations of an additional 107 data breaches. Thus, a total of 1,108 data breaches were evaluated, and the majority of the examinations were concluded as of 15 June.
As a result of the examination, the DPA affirmed that no data breaches had occurred within public institutions. The DPA also stated that they will continue to work on this issue, coordinating closely with the relevant public institutions.
The DPA's June Agenda
- On 7 June the DPA hosted a seminar on "Data Transfer Abroad: European Union and Main Differences" as well as on "Freedom of the Media as an Exemption from the Law". The seminar included discussions on general principles of data transfer, the differences between Turkish DP Law and European Union practices, and suggestions for harmonisation.
- On 8 June the DPA published an academic work titled "Academic Perspective on Personal Data Protection: Personal Data Protection Academy Compilation Study". This publication comprises studies on personal data protection, privacy, data protection law and personal data security in Turkey. You can find the related study here (in Turkish only).
- On 6 June the DPA released a podcast episode on the topic of "Deletion, Destruction or Anonymisation of Personal Data". On 22 June, the DPA released another podcast episode discussing the "Purpose and Scope of Law No. 6698 on the Protection of Personal Data".
- On 21 June the DPA hosted a Wednesday Seminar on "The Authorisation of the Personal Data Protection Authority to Provide Opinions on Draft Legislation" and on "Processing of Personal Data through Cookies". The seminar addressed key issues in upcoming draft legislation and European Union regulations on cookies, particularly those under the EU General Data Protection Regulation.
The Board announced the following data breach notification in June:
|
Data Controller |
Affected Data Subjects |
Affected Personal Data |
Number of Data Subjects |
|
OSDS Su Aritma Sistemleri San. Tic. Ltd. Sti |
Employees and employee candidates |
Communication Information, Location, Legal Transaction, Customer Transaction, Process Security, Risk Management, Marketing and Criminal Conviction and Security Measures |
N/A |
|
Arçelik A.S. |
Dealers and authorised service employees |
Identity, Communication Information, Process Security, and Other |
Approx. 30,373 |
|
Bilge Adam Yazilim ve Teknoloji A.S. |
Employees and employee candidates |
Name, Surname, Identity Number and Workplace Registration Number |
N/A |
|
Tip Evi Saglik Hizmetleri Ticaret Limited Sirketi |
N/A |
Health Data, Personal information |
N/A |
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.