Turkish Data Protection Authority (“DPA”) has published its activity report for the year 2019. The purpose of preparing such report is presented as to inform the public and other relevant parties about the DPA's activities in an accurate and complete manner, in accordance with the principles of transparency and accountability.
The document also provides information on the DPA's organizational structure, authorities, duties and responsibilities, corporate history, meetings, workshops, conferences, national and international activities, the budget and the roles of its departments.
The activity report further provides information as to the legal activities, investigation activities, activities in terms of data breach notifications and data management activities.
Legal Advice Requests
Per the activity report, total 162 legal advice requests which were received from public institutions and organizations, real persons and legal entities were concluded.
The total number of lawsuits followed by the DPA as of December 31, 2019 which were filed before Council of State, Administrative Court, Civil Court of First Instance and Criminal Judgeship of Peace is 47.
DPA indicates in its activity report that total 2,229 complaints and 51 denunciations are received from the public and sectors such as telecommunications, IT, banking and finance, tourism, health, media, insurance, HR and general services. Many of these complaints (1,160) were concerning citizens who are resident abroad. Other complaints were regarding illegal disclosure of personal data with third parties (618), illegal processing of personal data (471) and failure to fulfill data subject's requests (31). Also, 1,742 of these complaints received in the year 2019 are concluded while 538 are still pending.
Following the evaluation of the complaints received in 2019 and before such date, total 24 administrative fine decisions are issued. The total amount of administrative fine issued is 125,000 Turkish Liras for the year 2017; 670,000 Turkish Liras for the year 2018 and 1,905,000 Turkish Liras for the year 2019 in terms of complaints and denunciations. Also, 200,000 Turkish Liras of administrative fine is issued for the data breach notifications in the year 2018 and 11,200,828 Turkish Liras of administrative fine is issued in the year 2019. In that regard, total 13,105,828 Turkish Liras of administrative fine issued within these three years.
Data Breach Notifications
DPA received 168 data breach notifications in the years 2017, 2018 and 2019 and 74 of these notifications were concluded while the 94 are still pending. Also, 41 of these notifications are published and 44 of these notifications were concerning data controllers resident abroad.
Data Controller's Registry (“VERBIS”)
As of December 31, 2019, total 48,008 VERBIS applications are received and 36,911 of these applications are approved, while the evaluation for 8,911 is still pending and 2,186 are rejected. Also, total 116 of the approved applications were concerning data controllers resident abroad. 75% of the data controllers whose VERBIS registrations are approved assigned a contact person and 37% of the data controllers whose VERBIS registrations are approved have completed their notification procedures, in the light of the activity report.
Originally Published by ELIG Gürkaynak Attorneys-at-Law, November 2020
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.