DATA PROTECTION UPDATES

LEGAL UPDATES ON DATA PROTECTION AND PRIVACY 

You may follow the recent developments on Data Protection and Privacy in Türkiye and around the World. 

SRI LANKA APPOINTS BOARD MEMBERS FOR PERSONAL DATA PROTECTION AUTHORITY

Sri Lankan President Ranil Wickremesinghe has appointed the board members of the country's Personal Data Protection Authority.

Following the approval of the Personal Data Protection Act 2022, the members of the board of directors of the authority have also been appointed. In the first phase, the members will be responsible for planning the establishment of the Personal Data Protection Authority, establishing the organisational framework and carrying out recruitment procedures.

20.10.2023

FCA FINES EQUIFAX FOR CYBER SECURITY BREACH

The UK's Financial Conduct Authority (FCA) has fined consumer credit rating agency Equifax £11 million for one of the largest cyber security breaches in history.

The FCA announced that Equifax Inc, Equifax's parent company in the US, suffered a major cyber attack in 2017, which resulted in the personal data of 147.9 million US consumers being accessed. It was also revealed that the data of 13.8 million UK consumers was also accessed, as the data was stored on servers in the US.

20.10.2023

AMENDMENT TO THE MEB REGULATION ON THE PROCESSING OF CHILDREN'S PERSONAL DATA

The Official Gazette of 14 October 2023, number 32339, published an amendment to the Regulation of the Ministry of National Education on pre-school and primary education institutions.

The amendment stipulates that the images of students taken during educational activities, social and cultural activities, excursions and observation activities in and out of school may not be shared on social media platforms and communication groups under any name.

It is stated that sharing can only be done with the written consent of the parents and the student under the supervision of the guidance teacher.

In this context, it is important to obtain the written consent of the child in order to share images of the student (the data subject), even if the child is of pre-school or primary school age.

20.10.2023

GOOGLE AND YOUTUBE PUBLISH FRAMEWORK TO PROTECT CHILDREN AND YOUNG PEOPLE IN THE DIGITAL ENVIRONMENT

Google and YouTube have released a framework to better protect children and young people online. The framework will be shared with governments, regulators and experts to help protect children and young people.

The framework, which has the key headings of respecting the best interests and developmental stages of children and young people, providing age-appropriate controls and features, reducing risks while providing useful services, and ensuring oversight and accountability, consists of 11 articles in total.

20.10.2023

CNIL PUBLISHES FREQUENTLY ASKED QUESTIONS ON THE ADEQUACY DECISION UNDER THE EU-US DATA PROTECTION PROTOCOL

The CNIL, the French data protection authority, has published frequently asked questions and answers on the adequacy decision issued by the European Commission under the EU-US Data Protection Protocol, which entered into force on 10 July 2023.

These include what the adequacy decision is, when it will enter into force, how long it will remain in force, the consequences of this decision for organisations wishing to transfer data to the US, and the key elements of the Protocol.

20.10.2023