June 2025 – In May 2025, The Turkish Personal Data Protection Authority (the “DPA”) organised and/or participated in both local and international events and announced four data breach notifications.
DPA Event Highlights
1. Conference on European Data Protection Authorities
The President of the DPA attended the 33rd Conference of European Data Protection Authorities held between 6–9 May. The conference featured panels on various topics including the impact of emerging technologies— particularly artificial intelligence—on personal data protection, the importance of international cooperation in the field of data protection, and the protection of children's personal data.
2. 2nd National Symposium on the Protection of Personal Data
The 2nd National Symposium on the Protection of Personal Data was jointly organised by the DPA and Istanbul Technical University. The symposium, "Artificial Intelligence Technologies and Personal Data", featured two main sessions: “Artificial Intelligence in National and International Contexts” and “The Balance Between Artificial Intelligence and Privacy”. Experts from academia and practice shared their insights and perspectives during the sessions.
3. AI Tomorrow Summit 2025
On 23 May, the president of the DPA participated as a speaker at the AI Tomorrow Summit 2025.
The president addressed the intersection of artificial intelligence technologies, and personal data protection and shared information about the initiatives and activities undertaken by the DPA in this field.
4. Privacy Awareness Week 2025
The DPA took part in Privacy Awareness Week, held between 27–29 May in Metro Manila by the National Privacy Commission of the Republic of the Philippines. Entitled “Global Privacy Matters: Navigating a Borderless Digital World and Expanding New Professional Horizons”, the event focused on current global privacy issues and professional development in the data protection ecosystem.
Data breach notifications
- Tourama Tourism Seyahat ve Ticaret Anonim Şirketi notified the DPA of unauthorised access following a security problem on the web system. Accordingly, customers’ identity data were compromised.
- Atakaş Çelik Sanayi ve Ticaret A.Ş. and Atakaş Liman İşletmeciliği ve Ticaret AŞ notified the DPA regarding a cyberattack following an attempted extortion. Accordinly, employees’ and former employees’ identity, contact, visual, and personnel information-related data was affected.
- Christian Dior Couture SA notified the DPA of a cyberattack that affected customers’ and potential customers’ personal data. Accordingly, identity, contact, customer information, and professional information-related data was compromised.
- Adidas Spor Malzemeleri Satış ve Pazarlama A.Ş. notified the DPA of a cyberattack that affected customers’ personal data. Accordingly, customers’ identity and contact data was compromised.