Answer ... (a) Internet (e-commerce)
E-commerce is regulated under Law 6563 on Regulation of Electronic Commerce and other relevant secondary legislation enacted in accordance with the law.
Law 6563 imposes certain additional obligations on service suppliers and intermediary service providers (online marketplaces which provide their services electronically, specific to e-commerce). These include the following:
- disclosure of mandatory information before the customer enters into the contract;
- certain procedural steps for the finalisation of orders;
- rules on commercial communications and posts; and
- security and data privacy compliance requirements.
The Communiqué on Safety Stamps in E-commerce also regulates the procedures and principles for using safety stamps in e-commerce. Accordingly, e-commerce service providers and intermediary service providers can use a safety stamp to guarantee trust and safety for customers. These providers should also comply with the minimum standards of safety and service quality.
In light of the above, e-commerce service providers and intermediary service providers may demand compliance with the relevant regulations and assistance to this end from the fintech players from which they procure services.
(b) Mobile (m-commerce)
There is no specific legislation on mobile commerce; the e-commerce legislation also applies to m-commerce.
(c) Big data (mining)
There is no specific legislation on big data (mining) technology. Nevertheless, Law 6698 on Protection of Personal Data applies with regard to the consent of data subjects to the collection and processing of their personal data.
(d) Cloud computing
Although there is no dedicated legislation applicable to cloud computing, certain industries and sectors are bound by data localisation requirements. The financial sector is one of them and accordingly, all information systems of banks, payment entities and payment system and security settlement operators should be located in Turkey.
(e) Artificial intelligence
There is no specific legislation applicable to artificial intelligence technology in Turkey. Nevertheless, Law 6698 on Protection of Personal Data provides that the consent of data subjects must be obtained to collect and process their personal data.
(f) Distributed ledger technology (Blockchain, cryptocurrencies)
There is no specific legislation on distributed ledger technology. Nevertheless, certain administrative acts and policies are worth mentioning. First, Turkey’s Central Bank does not consider cryptocurrencies to constitute electronic money. The Capital Markets Board has also declared that cryptocurrencies cannot be deemed as capital markets instruments.
The Financial Crimes Investigation Board’s Guidelines for Suspicious Transactions had initially identified any “money transfer to intermediary entities that are selling bitcoin from customer accounts, for bitcoin purchasing” as a type of suspicious transaction. The board subsequently amended this guidelines, describing “money transfers to domestic or foreign crypto currency exchange markets or natural or legal persons for the purposes of purchasing crypto currencies, which are not suitable with the respective [bank] customer’s profile in terms of frequency and volume” and “incoming money transfers to [bank] customer accounts, either whose sender is unknown or reason is crypto currency sale” as examples of suspicious transactions.
The President’s Annual Programme for 2019 and the Ministries of Treasury and Finance and Commerce have promoted initial coin offerings and blockchain technologies as modern financing methods, and the Capital Markets Board has been authorised to this end.