After a decade of winding its way through the legislative
process, Turkey's new Data Protection Law entered into force on April 7. Although Turkey
previously had a few sectoral data protection laws on the books,
this is the first time the country has had an omnibus data
protection law. Although details remain somewhat scant at this
point, this new law deserves the attention of any company that
conducts business in Turkey or collects the personal data of
customers, employees, or other individuals located in Turkey.
Turkey's new law is fairly similar to the EU's data
protection regime in many respects, but it also contains a few
notable differences. Although an official English translation of
the law is not yet available, reliable secondary sources have
indicated that some of the notable features of the law are as
Like the EU Data Directive, the Turkish Data Protection
Law distinguishes personal data (meaning information relating to an
identified or identifiable person) from sensitive (or special)
data, and makes sensitive data subject to additional protections.
The Turkish definition of sensitive data largely overlaps with the
definition set out in the EU Directive and includes information
such as racial or ethnic origin, political opinion, union
membership, and data about health or sex life. However,
Turkey's law also categorizes information about a person's
appearance as sensitive data.
Both personal and sensitive data may
not be processed absent the data subject's express consent, but
the law does not clarify what "express consent"
Like the Directive, the law creates a
distinction between data controllers and data processors, and
assigns certain responsibilities accordingly. Data controllers must
register with Turkey's Data Protection Registry, which will be
established by October 7 of this year.
The law imposes some restrictions on
the transfer of personal data outside of Turkey; specifically, the
data subject must give express consent for the transfer, and the
receiving country must offer sufficient data protection. If the
transferee country does not offer sufficient data protection,
Turkey's Data Protection Board must give permission for the
transfer. However, companies still have time to ensure that their
operations are compliant with these requirements, as these
cross-border transfer rules will not go into effect until October
In short, the Data Protection Law
appears to represent Turkey's attempt to harmonize its data
protection regime with that currently in force in the EU, which
Turkey still is striving to join. It remains to be seen how
Turkey will enforce the law, and how the various provisions of the
law will be interpreted, but in the meantime it is important for
any company with Turkish ties to begin familiarizing itself with
that country's new privacy regime.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).