The Board of Protection of Personal Data Has Published a New Decision 20 September 2019
Pursuant to the articles 15 and 22 of the Law on Protection of Personal Data no. 6698 (“Law”), the Board of Protection of Personal Data (“Board”) is entitled to conduct necessary inspection within the scope of its remit either ex officio in case it learns the allegation of a violation or upon complaint, and to impose administrative fines in case of breach. The Board publishes decision summaries of its investigations which are considered to be important and to establish precedent on its website.
We hereby present the summary of the decision by the Board about violation of data related to information of application users.
The decision No. 2019/222 about data breach related to information of application users published on 17 September 2019 by the Board of Protection of Personal Data
Owner of an application company which allows the users to dub and share them on social media was aware of data breach, when a person, who claims to be a journalist, sent an e-mail about a person who claims to have personal data of Darknet application users, therefore, this application company agreed with an digital forensic medicine firm for investigating these claims.
As a result of this investigation, it is suspected that this incident occurs with a purchase of data copy containing the user’s information and it is detected that the information about 679.269 person, which define Turkey as a related country in its public profile, is included in the purchased data base.
Although the company indicated that necessary steps have been taken including strengthening of security measures and providing security of network and systems to prevent the repetition of breach, it is determined by the Board that the data including the information about the real person such as user name, passwords, date of birth, phone number, e-mail address, country/language of approximately 162 million user accounts is sold on Darknet web which can work on both IOS and Android operating systems. Furthermore, it is not known how the data breach occurred considering the fact that these data have been on sale since November, 2018. Also, it is detected by the Board that the fact that the company has been informed by a journalist about data breach demonstrates the faultiness of the company from technical and administrative aspect and that the company didn’t inform the users about data breach on a large scale, in this reason, these users can only find out from certain sites if their data has been breached.
For this reason, the Board, pursuant to Article 12 of the Law, decided to impose TL 680,000 due to lack of administrative and technical measures to ensure the protection of personal data within the scope of Article 18 of the Law No. 6698 and also decided to impose TL 50,000 due to application which violates the obligation to notify as soon as possible. Furthermore, the Board, considering the number of person affected by the breach, decided that this breach should be announced on the website of the Board in accordance with Article 12 of Law No. 6698.
Other News
-
19.4.2024
The Constitutional Court Decision Annulled The Regulation Envisaging Liability For Litigation Expenses Within The Scope Of Mediation In Civil Disputes
In accordance with paragraph 11 of Article 18/A of Law No. 6325 on Mediation in Civil Disputes1 ("the Code"), a party shall be held liable for the entire cost of the litigation, nothwithstanding justification at the conclusion of the proceedings, and shall not be granted power of attorney fee if he or she fails to appear for the initial session of mandatory mediation without providing an explanation.The aforementioned regulation is outlined as follows:
-
8.4.2024
E-Application" Period In Capital Markets Board Applications
With its announcement dated 5 February 2024, the Capital Markets Board ("Board") announced to the public that capital market institutions, organisations and partnerships will be able to make their applications more quickly and effectively through the e-Application System.
-
5.4.2024
The Amounts In The Pre-Conditions To Be Complied With Before The Initial Public Offering Of Shares In Several Sectors Were Decreased
The Capital Markets Board ("Board" or "CMB") decreased the financial thresholds for financial statements, especially considering the sectoral differences of the companies that submitting to the Board for initial public offering and the 12th Development Plan ("Plan") prepared by the Presidency of the Strategy and Budget Directorate.
-
15.3.2024
New Regulations Introduced With The 8th Judicial Package
The Law No. 7499 on the Amendment of the Code of Criminal Procedure and Certain Laws ("Law"), which contains amendments and new regulations known as the "8th Judicial Package", was published in the Official Gazette dated 12 March 2024 and numbered 32487. In this article, we will discuss the amendments to the Criminal Procedure Code No. 5271 (" CPC"), Turkish Criminal Code No. 5237 ("TCC"), Turkish Civil Code No. 4721 ("TCC"), Enforcement and Bankruptcy Code No. 2004 ("EBC") and Law No. 6384 on the Duties and Working Procedures and Principles of the Compensation Commission.
-
12.3.2024
Changes In The PDPL Was Published In THE Official Gazette
Law No. 7499 on Amendments to the Code of Criminal Procedure and Some Laws ("Law No. 7499") including critical amendments to the Law No. 6698 on the Personal Data Protection Law ("PDPL") was published in the Official Gazette on March 12, 2024.
-
9.2.2024
Amendments Were Made To The Regulations Based On The Occupational Health And Safety Law
In the Official Gazette dated 4 February 2024 and numbered 32450, amendments were made to some regulations issued based on the Occupational Health and Safety Law No. 6331:
-
1.2.2024
Turkish Competition Board Mergers And Acquisitions Outlook Report For 2023 Has Been Published
On January 5th, 2024, the Turkish Competition Authority has published the Report prepared by the Competition Board on Mergers, Acquisitions And Privatisation Transactions in 2023 ("Report").
-
31.1.2024
Important Principle Decision From The Advertising Board Regarding Discount Sale Advertisements
At the first meeting of the year held on January 9, 2024, the Advertising Board made an important principle decision regarding discount sale advertisements by amending the "Guideline on Advertisements Containing Price Information and Discount Sale Advertisements and Commercial Practices" in order to prevent consumer victimization through misleading advertisements and practices that lead to unfair competition in the retail trade sector.
-
17.1.2024
The Authority to Decide on Trademark Cancellation Passed to the Turkish Patent And Trademark Office!
In Article 192/1 (a) of the Industrial Property Law ("IPL") published in the Official Gazette dated 10 January 2017 and numbered 29944, the enforcement of Article 26 of the Law titled "Cancellation Cases and Cancellation Request" was postponed until seven years later, and with the Provisional Article 4 of the IPL, it was stipulated that the authority to decide on the cancellation of trademarks would be directly exercised by the Intellectual and Industrial Rights Civil Courts until 10 January 2024.
-
16.1.2024
Egemenoğlu Hukuk Bürosu / Internship Application
We are pleased to announce the opening of internship applications at Egemenoğlu Hukuk Bürosu. Legal Internship Application Deadline: March 15 Summer Internship Application Deadline: March 29 Prospective candidates are requested to submit their CVs either through our website www.egemenoglu.av.tr or by sending them to info@egemenoglu.av.tr.
-
12.1.2024
Turkish Sustainability Reporting Standards (TSRS) And Scope Of Application Of TSRSs Were Puslished In The Official Gazette
In the Official Gazette dated 29.12.2023 and numbered 32414, the Public Oversight, Accounting and Auditing Standards Authority (POA) announced the Turkish Sustainability Reporting Standards and determined the principles to be followed in sustainability reports.
-
11.1.2024
Important Regulations Which Are Effective As Of 2024 And/ Or Has Been Made Subject To Time Extension
Laws No. 5746 and No. 6550 extended the regulation on higher depreciation (showing expenses related to depreciation) and calculation rates and periods for new machines acquired for use in R&D, innovation and design activities.
-
19.12.2023
The Principles and Rules to be Applied in Retail Trade have been reorganize
With the "Regulation Amending the Regulation on Principles and Rules to be Applied in Retail Trade" prepared by the Ministry of Commerce and published in the official gazette on 14.12.2023, significant changes were made in the principles and rules of retail trade.
-
18.11.2023
Warning From The Authority On Sending Verification Codes To Customers Via Sms During Shopping
The Personal Data Protection Authority ("Authority") published a Public Announcement ("Announcement") on the Processing of Personal Data by Sending a Verification Code via SMS to the Data Subjects during Shopping in Stores.
-
14.11.2023
Communiqué Amending the Communiqué on the Procedures and Principles Regarding the Application of Article 376 of the Turkish Commercial Code No. 6102 has been published
In order to regulate the procedures and principles to be followed in cases of loss of capital or insolvency of joint stock companies, limited liability companies and limited partnership companies with capital divided into shares within the scope of Article 376 of the Turkish Commercial Code No. 6102 (Law), the Communiqué on the Procedures and Principles Regarding the Application of Article 376 of the Turkish Commercial Code No. 6102 (Communiqué) was first published in the Official Gazette dated 15/09/2018 and numbered 30536, and with the Provisional Article 1 of this Communiqué until 01/01/2023, Within the scope of Article 376 of the Law, it was stated that foreign exchange losses arising from foreign currency denominated liabilities that have not yet been fulfilled may not be taken into account in the calculations regarding capital loss or insolvency.