Turkey Updates Administrative Fine Amounts Under PDPL for 2026

Turkey’s Personal Data Protection Authority (KVKK) has announced updated administrative fine amounts under the Personal Data Protection Law (PDPL), which will take effect from January 1, 2026. The revisions are part of the annual revaluation process carried out by the Ministry of Treasury and Finance and are intended to strengthen the enforcement of data protection obligations across industries. The fines cover a range of violations, including failure to register with the Data Controllers’ Registry (VERBIS), non-compliance with data security obligations, breaches of data subject rights, and failure to comply with board decisions. 

Under the new framework, fines for failing to fulfill VERBIS registration obligations will range between TRY 83,000 and TRY 5,331,000. Non-compliance with data security obligations or board decisions will attract penalties between TRY 166,000 and TRY 5,331,000. Violations related to data subject rights will result in fines between TRY 83,000 and TRY 2,665,000. These figures represent a significant increase compared to 2025, underscoring KVKK’s intent to make penalties more deterrent in the face of rising data protection challenges. 

The KVKK has emphasised that businesses operating in Turkey, particularly those in the finance, healthcare, e-commerce, and technology sectors, must reassess their compliance frameworks to avoid costly penalties. Companies are urged to adopt privacy-by-design principles, conduct data protection impact assessments, and maintain robust incident response mechanisms. Failure to demonstrate proactive compliance could expose organisations not only to financial sanctions but also to reputational damage. Regulators have also signalled heightened scrutiny of cross-border data transfers, an area where compliance gaps remain. 

📰 Mini Headlines 

• Data Leaks Data Leak Exposes 17.5 Million Instagram Accounts 

A massive data breach has reportedly exposed information from 17.5 million Instagram users, raising serious privacy concerns. The leaked dataset includes usernames, email addresses, phone numbers, and account details, though passwords were not confirmed as compromised. Cybersecurity researchers traced the breach to unsecured third-party databases linked to Instagram’s ecosystem. The incident has sparked warnings about phishing, identity theft, and targeted scams. Meta, Instagram’s parent company, is investigating the scope of the leak and potential regulatory implications.  

Data Leaks  

Read More →  https://www.notebookcheck.net/Massive-data-leak-reportedly-exposes-information-of-17-5-million-Instagram-users.1201247.0.html  

• Southeast Asia Restricts Elon Musk’s Grok AI Over Deepfake Risks 

Authorities in several Southeast Asian countries have restricted access to Elon Musk’s Grok AI, citing concerns over its potential use in generating deepfakes and disinformation. Regulators warned that the chatbot’s advanced generative capabilities could be exploited to spread manipulated content, posing risks to elections, public trust, and national security. Governments are considering stricter licensing requirements for AI platforms operating in the region. The restrictions reflect a broader global push to regulate generative AI amid rising misuse cases. 

Deepfake 

Read More → https://www.devdiscourse.com/article/technology/3766291-southeast-asia-restricts-elon-musks-grok-ai-over-deepfake-concerns?amp 

• French Software Company Fined $2 Million for Cybersecurity Failings 

OpenAI’s new ChatGPT Health feature has drawn criticism from privacy advocates over its handling of sensitive medical data. The tool, designed to provide health information and guidance, collects user inputs that may include personal health details. Critics warn that without strict safeguards, such data could be vulnerable to misuse or unauthorised sharing. Regulators stress that medical information requires heightened protection under privacy laws. While OpenAI claims the system complies with security standards, watchdogs argue that transparency and explicit consent are essential.  

Cybersecurity Failings 

Read More →     https://therecord.media/chatgpt-health-draws-concern-privacy-critics