DPA Shares Statistics
DPA president Faruk Bilir shared these statistics on 24 November 2024:
- 45,397 notifications, complaints and applications (43,727 of which were finalized).
- 1,559 data breach notifications submitted (350 of which were made public).
- 10 undertakings regarding the transfer of personal data abroad were approved.
- 1,039 standard contracts regarding the transfer of personal data abroad submitted.
Administrative Fines Updated
Turkish DP Law fines have been increased in line with a revaluation rate of 43.93%. Accordingly, fine amounts applied in 2025 will be as follows:
Turkey Acts on Traffic Data Violations
The Ministry of Interior will increase inspections due to rising complaints regarding unlawful collection and sharing of accident victims' personal data. The Minister further stated that individuals and companies collecting data without consent would face legal action.
Big Fine for Twitch
The DPA has imposed a fine of approximately EUR 57,000 on Twitch for data breaches that affected up to 35,274 people in Turkey. The DPA's investigation, initiated in 2021 and involving 125 GB of data, revealed that Twitch failed to implement the necessary security measures in advance and to notify authorities after the data breach.
DPA Issues November Sales Warning
The DPA has issued a November fraud warning regarding sales campaigns such as the ubiquitous Black Friday. It recommends verifying the source of campaign messages; use of secure payment methods; opting for virtual cards; conducting transactions on personal devices; and being wary of suspicious emails. The authority further emphasized checking security certificates, reviewing privacy policies and caution when asked for unnecessary information.
Guidance on Chatbots
On 8 November 2024, the DPA published an information note on its official website regarding chatbots (with a focus on ChatGPT).
The DPA announced the following data breach notification in November:
Chatbot applications must ensure transparency regarding how data will be used, with whom it will be shared, and how long it will be stored. Moreover, developers of chatbots must ensure compliance with personal data protection legislation and protection of user privacy. Data controllers must fulfill their obligation to inform users when collecting personal data and take appropriate security measures in line with security standards.
X Faces Huge Fine
The DPA imposed a fine of approx. EUR 42,000 on the social media platform X (formerly Twitter) for data security violations. An exofficio investigation was initiated after X stated that e-mail addresses and phone numbers collected for security purposes were being used for advertising. The fine addresses unlawful processing of personal data and failure to implement necessary security measures.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.