Self-Disclosure or Burying the Evidence Dilemma: A Legal Review of the Data Breach Rules under the Turkish Personal Data Protection Law

dc.authorscopusid57189635058
dc.contributor.authorKaya, M.B.
dc.date.accessioned2024-07-18T20:17:24Z
dc.date.available2024-07-18T20:17:24Z
dc.date.issued2021
dc.description.abstractTechnology has penetrated every aspect of life and brought security and privacy issues to the forefront of the regulatory landscape. In such a hyper-connected world, security breaches are inevitable. Hence, general legislation in the field of protection of personal data is becoming ubiquitous. The rules are likewise being drafted to ensure the highest degree of privacy and security. The violation of security requirements can have an unprecedented and catastrophic consequence on data controllers. A security incident can compel the data controller to notify a competent data protection authority of a breach and communicate all facts to affected data subjects. Data breach notification is self-disclosure of the data controller about a personal data-related incident regardless of the intentional or negligent character of the event. The underlying aim of this obligation is to prevent or mitigate all adverse effects or damage deriving from a data breach incident. This article maps out the legal framework governing data breach notification under the European Union’s law, in particular General Data Protection Regulation and the Turkish Data Protection Law. This article maintains that strict and burdensome data breach notification rules do not serve the interest of data protection of individuals as data controllers could refrain from notification and bury the pieces of evidence. Such a notification-phobia is a major threat to the overall cybersecurity realm. The article emphasizes that there is a need for balanced rules and adequate accountability tools which would encourage data controllers to report any data breach incidents without hesitation. © 2021 The authors.en_US
dc.identifier.doi10.26650/annales.2021.70.0007
dc.identifier.endpage241en_US
dc.identifier.issn0578-9745
dc.identifier.issue70en_US
dc.identifier.scopus2-s2.0-85174480758en_US
dc.identifier.scopusqualityN/Aen_US
dc.identifier.startpage195en_US
dc.identifier.trdizinid510419en_US
dc.identifier.urihttps://doi.org/10.26650/annales.2021.70.0007
dc.identifier.urihttps://search.trdizin.gov.tr/yayin/detay/510419
dc.identifier.urihttps://hdl.handle.net/11411/6518
dc.indekslendigikaynakScopusen_US
dc.indekslendigikaynakTR-Dizinen_US
dc.language.isoenen_US
dc.publisherIstanbul University Pressen_US
dc.relation.ispartofAnnales de la Faculte de Droit d'Istanbulen_US
dc.relation.publicationcategoryMakale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanıen_US
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subjectBreachen_US
dc.subjectCybersecurityen_US
dc.subjectData Protectionen_US
dc.subjectNotificationen_US
dc.subjectPrivacyen_US
dc.titleSelf-Disclosure or Burying the Evidence Dilemma: A Legal Review of the Data Breach Rules under the Turkish Personal Data Protection Lawen_US
dc.title.alternativeKendini Ihbar Etme veya Delilleri Yok Etme Ikilemi: Kişisel Verilerin Korunması Hukuku Bağlamında Veri Ihlal Bildirimi Kurallarının Hukuki Analizien_US
dc.typeArticleen_US

Dosyalar