The Turkish Defense Committee has approved a bill introducing criminal penalties for “creating false impressions” regarding data breaches.
According to the document, individuals or organizations found guilty of “creating false impressions about a data breach” could face prison sentences ranging from 2 to 5 years. Authorities argue that the current disinformation law, enacted in 2022, fails to adequately address cybersecurity threats, and the new measures will provide more effective tools to combat malicious actors.
However, opposition lawmakers and press freedom organizations contend that the law could be used to suppress independent journalism and restrict public access to information about large-scale data breaches, including those that have affected millions of Turkish citizens.
Critics of the initiative argue that, instead of holding those responsible for failing to safeguard data accountable, the new law targets those who disclose breaches. Lawmakers further assert that the bill constitutes an attempt to “criminalize” journalism by creating a new category of offense.
The disinformation law has already become a tool for investigations against journalists and citizens, with more than 4,500 cases launched under accusations of “spreading false information.”
The proposed bill, introduced by members of the ruling Justice and Development Party (AKP), comes in the wake of numerous large-scale data breaches involving Turkish citizens. For example, in 2024, a database containing personal details of more than 108 million Turks, including deceased individuals, was uploaded to Google Drive. The breach included ID numbers, addresses, phone numbers, and other sensitive data. The government sought Google’s assistance in addressing the incident, which sparked criticism of the state’s approach to cybersecurity and concerns over the potential sale of the data on the dark web.
The bill also grants authorities the power to conduct searches and seize electronic devices without a court order in cases involving cyber threats. The opposition warns that such measures pose risks to citizens’ privacy and data confidentiality. Critics are calling for reforms in data protection legislation and cautioning against the potential for future large-scale breaches.
