LEGAL AND COMPLIANCE RISKS OF NEW TECHNOLOGIES

Yıl 2024, Cilt: 6 Sayı: 1, 679 - 705, 01.07.2024

Yasemin Güllüoğlu Fatih Erdemir

https://doi.org/10.47136/asbuhfd.1427507

Öz

Technology is developing parabolically. This development affects businesses' way of conduct. Both internal and external processes of enterprises are digitalized in order to increase efficiency and flexibility. Yet, the digitalization creates a variety of vulnerabilities and new legal and compliance risks. Some of these risks may arise directly from the technological tools used, for example, from a software. Some risks arise due to the features of these technological tools. For example, being vulnerable to cyber-attacks, hosting artificial intelligence. Some technological risks, on the other hand, may be caused by the characteristics of technological tools as well as the lack of awareness of the employees using these tools. The aim of this study is to address some of the legal and compliance risks that arise with technological developments and to suggest precautions that can be taken against these risks. In this context, first of all, the digitalization of enterprises will be briefly mentioned, then examples of the risks arising with digitalization will be given, and finally, some general recommendations will be made based on the measures that can be taken against these risks.

Anahtar Kelimeler

Digitalization, legal and compliance risks, Cybersecurity, Compliance Education, GRC Systems

YENİ TEKNOLOJİLERİN HUKUKİ VE UYUM RİSKLERİ

Öz

Teknoloji katlanarak gelişiyor. Bu gelişme işletmelerin davranış biçimlerini de etkilemektedir. Verimliliğin ve esnekliğin artırılması amacıyla işletmelerin hem iç hem de dış süreçleri dijitalleştirilmektedir. Ancak dijitalleşme çeşitli güvenlik açıklarının yanı sıra yeni yasal ve uyumluluk riskleri de yaratıyor. Bu risklerin bir kısmı doğrudan kullanılan teknolojik araçlardan, örneğin bir yazılımdan kaynaklanabilmektedir. Bu teknolojik araçların özelliklerinden dolayı bazı riskler ortaya çıkmaktadır. Örneğin siber saldırılara karşı savunmasız olmak ve yapay zekayı barındırmak. Bazı teknolojik riskler ise teknolojik araçların özelliklerinden ve bu araçları kullanan çalışanların bilinçsizliğinden kaynaklanabilmektedir. Bu çalışmanın amacı teknolojik gelişmelerle birlikte ortaya çıkan bazı yasal ve uyumluluk risklerine değinmek ve bu risklere karşı alınabilecek önlemleri önermektir. Bu bağlamda öncelikle işletmelerin dijitalleşmesine kısaca değinilecek, ardından dijitalleşmeyle birlikte ortaya çıkan risklere örnekler verilecek ve son olarak bu risklere karşı alınabilecek önlemlere dayalı olarak bazı genel önerilerde bulunulacaktır.

Anahtar Kelimeler

Dijitalleşme, yasal ve uyumluluk riskleri, Siber Güvenlik, Uyum Eğitimi, GRC Sistemleri

Kaynakça

• Akerkar, Rajendra. Artificial Intelligence for Business. Norway: Springer, 2019.
• Albinson, Nancy, Cherian Thomas, Michael Rohrig, and Yang Chu. “Future of Risk in the Digital Era: Transformative Change. Disruptive Risk.” Deloitte. December 22, 2023. https://www2.deloitte.com/us/en/pages/advisory/articles/risk-in-the-digital-era.html.
• Amann, Wolfgang. Artificial Intelligence and its Impact on Business. Information Age Publishing, 2020.
• American Bankers Association. "Ransomware Attacks." Accessed December 22, 2022. https://www.aba.com/advocacy/community-programs/consumer-resources/protect-your-money/ransomware-tips?__cf_chl_jschl_tk__=8906558d85d556715462d48e2f547994675c6c0e-1625131683-0-AU8_rrFAgVV3VQxGElAmIvGzWbAQgEzLxl4SheaYBX4J3l4xcOMvzXp9LNFH2iIXWn2NQAH7_2RkT6f.
• Bamberger, Kenneth A. "Technologies of Compliance: Risk and Regulation in a Digital Age." Texas Law Review 88 (2010): 669-739.
• Bayram, Mehmet Hanifi. Avrupa Birliği ve İnternet Hukuku. Ankara: Seçkin Yayıncılık, 2011.
• Berman, Stuart J. "Digital Transformation: Opportunities to Create New Business Models." Strategy & Leadership 40, no. 2 (2012): 16-24.
• Cath Corrine. “Governing Artificial Intelligence: Ethical, Legal and Technical Opportunities and Challenges.” Phil. Trans. R. Soc. A 376: 20180080. http://dx.doi.org/10.1098/rsta.2018.0080.
• Daniel Dimov. “Legal Issues of New and Emerging Technologies.” infosecinstitute.com accessed March 23,2024 https://www.infosecinstitute.com/resources/management-compliance-auditing/legal-issues-of-new-and-emerging-technologies/.
• Davenport, Thomas and Rajeev Ronanki. "Artificial Intelligence for the Real World." Harvard Business Review, January-February 2018, 108-116.
• Deloitte. “The legal implications of Generative AI.” Accessed March 22, 2024. https://www2.deloitte.com/content/dam/Deloitte/us/Documents/consulting/us-ai-institute-generative-ai-legal-issues.pdf.
• Dickson, Ben. "The IoT Ransomware Threat Is More Serious Than You Think." TechTalks. August 22, 2016. https://bdtechtalks.com/2016/08/22/the-iot-ransomware-threat-is-more-serious-than-you-think/.
• Dülger, Murat Volkan. Bilişim Suçları ve İnternet İletişim Hukuku. Ankara: Seçkin, 2012.
• Erbaşlar, Gazanfer and Şükrü Dokur. Elektronik Ticaret. İstanbul: Nobel Akademik Yayıncılık, 2012.
• Erdemir, Fatih, and İrem, Erdemir. "Fidye Yazılımların Türk Ceza Hukuku Kapsamında Değerlendirilmesi." In Fintek ve Hukuk, edited by Ural Aküzüm, Cemre Çise Kadıoğlu Kumtepe and Zeynep Ekinci, 138-180. İstanbul: Hukuk Akademisi, 2021.
• Erdemir, İrem. “Kişilik Hakkının İnternet Ortamında İhlali.” Master diss., Hacettepe University, 2019.
• Erdoğan, Melih and Ahmet Onay. "Yönetişim-Risk-Uygunluk (YRU) Yaklaşımı ve İç Denetim Fonksiyonu İlişkisi: İç Denetim Sorumluluklarının YRU Yaklaşımına Etkisi Üzerine Yapısal Eşitlik Modeli Araştırması." TİDE Academia Research 2 (2019): 149-198.
• Güllüoğlu Altun, Yasemin, and Elif Bilen. "Tahkim Sözleşmesi." Hukuk ve Adalet Eleştirel Hukuk Dergisi 13, no. 29 (2021): 173-226.
• Humayun, Mamoona, NZ Jhanjhi, Ahmet Alsayat, Vasaki Ponnusamy. “Internet of Things and Ransomware: Evolution, Mitigation and Prevention.”Egyptian Informatics Journal 22 (2021): 105-17. https://www.sciencedirect.com/science/article/pii/S1110866520301304.).
• ICANN Archives. "ICANN Archives." Accessed December 22, 2022. https://archive.icann.org/tr/turkish.html.
• ICANN. "Information for Registrars." Accessed December 22, 2022. https://www.icann.org/resources/pages/registrars-0d-2012-02-25-en.
• ICANN. "List of Approved Dispute Resolution Service Providers." Accessed December 22, 2022. https://www.icann.org/resources/pages/providers-6d-2012-02-25-en.
• ICANN. "Uniform Domain Name Dispute Resolution Policy." Accessed December 22, 2022. https://www.icann.org/resources/pages/policy-2012-02-25-en.
• ICANN. "Uniform Domain-Name Dispute-Resolution Policy." Accessed December 22, 2022. https://www.icann.org/resources/pages/help/dndr/udrp-en.
• Imgrund, Florian, Marcus Fischer, Axel Winkelmann, and Christian Janiesch. "Approaching Digitalization with Business Process Management." Conference: Multikonferenz Wirtschaftsinformatik. Lüneburg, 2018.
• Iriana, Reiny and Francis Buttle. "Strategic, Operational, and Analytical Customer Relationship Management." Journal of Relationship Marketing 5, no. 4(2006): 23-42.
• Kent, Bülent. Türkiye'de İnternet Sitelerine Erişimin Engellenmesi. Ankara: Adalet Yayınevi, 2019.
• Korolov, Maria. "93% of Phishing Emails Are Now Ransomware." CSO. June 1, 2016. https://www.csoonline.com/article/3077434/93-of-phishing-emails-are-now-ransomware.html.
• Kumar, Chethan. "Artificial Intelligence: Definition, Types, Examples, Technologies." Medium. August 31, 2018. https://chethankumargn.medium.com/artificial-intelligence-definition-types-examples-technologies-962ea75c7b9b.
• Oğuz, Habip. İnternet Ortamında Kişilik Haklarının İhlali ve Korunması (Ankara: Adalet, 2012).
• Oracle. "Definition of Enterprise Resource Planning (ERP)." Accessed December 22, 2022. https://www.oracle.com/erp/what-is-erp/.
• Öztan Fırat. Fikir ve Sanat Eserleri Hukuku. Ankara:Turhan Kitabevi, 2008.
• Öztürk, Ezgi. "İnternet Yoluyla Markanın Haksız Kullanımı." Terazi Hukuk Dergisi no:45 (2010): 69-79.
• Phishing.org. "What is Phishing." accessed December 12, 2022. https://www.phishing.org/what-is-phishing. T.C. Kültür ve Turizm Bakanlığı. “Edebiyat Ve Sanat Eserlerinin Korunmasına İlişkin Bern Sözleşmesi.” Accessed March 23, 2024. https://telifhaklari.ktb.gov.tr/TR-332363/edebiyat-ve-sanat-eserlerinin-korunmasina-iliskin-bern-sozlesmesi.html.
• William F. Crittenden, Isabella K. Biel, William A. Lovely. "Embracing Digitalization: Student Learning and New Technologies." Journal of Marketing Education 41, no. I (2018): 5-14.
• WIPO. "Domain Name Dispute Resolution." Accessed December 22, 2022. https://www.wipo.int/amc/en/domains/.
• Zetter, Kim. "4 Ways to Protect Against the Very Real Threat of Ransomware." Wired. May 13, 2016. https://www.wired.com/2016/05/4-ways-protect-ransomware-youre-target/.
• Zetter, Kim. "What Is Ransomware? A Guide to the Global Cyberattack's Scary Method." Wired. May 14, 2017. https://www.wired.com/2017/05/hacker-lexicon-guide-ransomware-scary-hack-thats-rise/.
• Zorluoğlu, Ayça "Alan Adlarında Kötü Niyet Kavramı." Hacettepe Hukuk Fakültesi Dergisi 2, no. 1 (2012): 67-84.