Turkey specifies its DP law
EU Parliament and Council review their positions on the Digital Omnibus on AI
OECD, Spain and UK issue reports on Agentic AI
Germany starts sandbox
Poland’s DPA fines postal service €6.4 million for lacking a legal basis
Civil society groups concerned about extensive data retention plans in Switzerland
California settles with Disney for $2.75 million
EDPB and EDPS on the EU Digital Omnibus: Do not change personal data concept
EDPB advises companies on EU-US transfers
Ireland introduces AI Bill to implement EU AI Act

Turkey specifies its DP law

Turkey’s DPA has further specified its interpretation of Article 12, paragraph 5 of the Data Protection Law on “Obligations regarding data security,” by stating that in a data breach scenario, notifying “as soon as possible” means within 72 hours. Also, when identifying the individuals affected by the data breach, the data controller must notify these individuals as soon as reasonably possible, either directly if their contact address is available, or by means of appropriate methods such as publishing the notification on the data controller’s website if contact information is not available.