11 December 2024

Two-Minute Recap Of Recent Developments In Turkish Personal Data Protection Law

Gen Temizer

Contributor

Gen Temizer is a leading independent Turkish law firm located in Istanbul's financial centre. The Firm has an excellent track record of handling cross-border matters for clients and covers the full bandwidth of most complex transactions and litigation with its cross-departmental, multi-disciplinary and diverse team of over 30 lawyers. The Firm is deeply rooted in the local market with over 80 years of combined experience of the name partners while providing the highest global standards of legal services.

DPA Shares Statistics

DPA president Faruk Bilir shared these statistics on 24 November 2024:

  • 45,397 notifications, complaints and applications (43,727 of which were finalized).
  • 1,559 data breach notifications submitted (350 of which were made public).
  • 10 undertakings regarding the transfer of personal data abroad were approved.
  • 1,039 standard contracts regarding the transfer of personal data abroad submitted.

Administrative Fines Updated

Turkish DP Law fines have been increased in line with a revaluation rate of 43.93%. Accordingly, fine amounts applied in 2025 will be as follows:

[Image: table of 2025 administrative fine amounts]

Turkey Acts on Traffic Data Violations

The Ministry of Interior will increase inspections due to rising complaints regarding unlawful collection and sharing of accident victims' personal data. The Minister further stated that individuals and companies collecting data without consent would face legal action.

Big Fine for Twitch

The DPA has imposed a fine of approximately EUR 57,000 on Twitch for data breaches that affected up to 35,274 people in Turkey. The DPA's investigation, initiated in 2021 and involving 125 GB of data, revealed that Twitch failed to implement the necessary security measures in advance and to notify authorities after the data breach.

DPA Issues November Sales Warning

The DPA has issued a November fraud warning regarding sales campaigns such as the ubiquitous Black Friday. It recommends verifying the source of campaign messages, using secure payment methods, opting for virtual cards, conducting transactions on personal devices, and being wary of suspicious emails. The authority further emphasized checking security certificates, reviewing privacy policies and exercising caution when asked for unnecessary information.

Guidance on Chatbots

On 8 November 2024, the DPA published an information note on its official website regarding chatbots (with a focus on ChatGPT).

Chatbot applications must ensure transparency regarding how data will be used, with whom it will be shared, and how long it will be stored. Moreover, developers of chatbots must ensure compliance with personal data protection legislation and protection of user privacy. Data controllers must fulfill their obligation to inform users when collecting personal data and take appropriate security measures in line with security standards.

The DPA announced the following data breach notification in November:

[Image: data breach notification announced in November]

X Faces Huge Fine

The DPA imposed a fine of approx. EUR 42,000 on the social media platform X (formerly Twitter) for data security violations. An ex officio investigation was initiated after X stated that e-mail addresses and phone numbers collected for security purposes were being used for advertising. The fine addresses unlawful processing of personal data and failure to implement necessary security measures.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
