Self-Disclosure or Burying the Evidence Dilemma: A Legal Review of the Data Breach Rules under the Turkish Personal Data Protection Law

Küçük Resim Yok

Tarih

2021

Yazarlar

Dergi Başlığı

Dergi ISSN

Cilt Başlığı

Yayıncı

Istanbul University Press

Erişim Hakkı

info:eu-repo/semantics/openAccess

Özet

Technology has penetrated every aspect of life and brought security and privacy issues to the forefront of the regulatory landscape. In such a hyper-connected world, security breaches are inevitable. Hence, general legislation in the field of protection of personal data is becoming ubiquitous. The rules are likewise being drafted to ensure the highest degree of privacy and security. The violation of security requirements can have an unprecedented and catastrophic consequence on data controllers. A security incident can compel the data controller to notify a competent data protection authority of a breach and communicate all facts to affected data subjects. Data breach notification is self-disclosure of the data controller about a personal data-related incident regardless of the intentional or negligent character of the event. The underlying aim of this obligation is to prevent or mitigate all adverse effects or damage deriving from a data breach incident. This article maps out the legal framework governing data breach notification under the European Union’s law, in particular General Data Protection Regulation and the Turkish Data Protection Law. This article maintains that strict and burdensome data breach notification rules do not serve the interest of data protection of individuals as data controllers could refrain from notification and bury the pieces of evidence. Such a notification-phobia is a major threat to the overall cybersecurity realm. The article emphasizes that there is a need for balanced rules and adequate accountability tools which would encourage data controllers to report any data breach incidents without hesitation. © 2021 The authors.

Açıklama

Anahtar Kelimeler

Breach, Cybersecurity, Data Protection, Notification, Privacy

Kaynak

Annales de la Faculte de Droit d'Istanbul

WoS Q Değeri

Scopus Q Değeri

N/A

Cilt

Sayı

70

Künye