In 1981, Turkey signed the Convention for the Protection of
Individuals with Regard to Automatic Processing of Personal Data
("Convention") at Strasbourg. In 2001, an amendment
Protocol was added to the Convention, specifically addressing
supervisory authorities and transborder data flows
("Protocol"). In February 2016, Turkey ratified the 1981
Convention into local legislation (more) and it has also now
ratified the additional 2001 Protocol.
Ratification Law No. 6705 Regarding Additional Protocol To The
Convention For The Protection Of Individuals With Regard To
Automatic Processing Of Personal Data Regarding Supervisory
Authorities And Transborder Data Flows ("Ratification
Law") was published in Official Gazette number 29703.
The Protocol requires each signatory country to establish one or
more authorities, responsible for ensuring compliance with the
Convention's measures in domestic law, as well as give effect
to the General Provisions and Basic Principles for Data
Supervisory Authorities hold investigatory and intervention
powers. They should operate independently and will hear claims
about processing of personal data. Decisions can be appealed
through the courts.
Supervisory Authorities should be able to apply to the judicial
authorities where domestic law is breached and should co-operate
with other Supervisory Authorities to the extent necessary.
Transborder flows of personal data
The Protocol requires signatory country to only transfer
personal data to a recipient which is subject to the jurisdiction
of a State/organization that is not Party to the Convention if that
State/organization ensures an adequate level of protection for the
Parties can allow for personal data transfers if:
The transfer is for the data subject's specific
Public interests are more important.
The responsible data controller provides contractual safeguards
for the transfer and these are found adequate by the competent
authorities according to domestic law.
The Ratification Law does not accept a clause in the Protocol
stating that The Republic of Cyprus is represented by the Greek
Cypriot Administration of Southern Cyprus in any manner, nor that
the Protocol establishes any obligation to contact The Republic of
Please see the link for the full text of the
Ratification Law (only available in Turkish).
Information first published in the
MA | Gazette, a fortnightly legal update newsletter produced by
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).