ARTICLE
20 November 2024

Two-Minute Recap Of Recent Developments In Turkish Personal Data Protection Law

GT
Gen Temizer

Contributor

Gen Temizer logo
Gen Temizer is a leading independent Turkish law firm located in Istanbul's financial centre. The Firm has an excellent track record of handling cross-border matters for clients and covers the full bandwidth of most complex transactions and litigation with its cross-departmental, multi-disciplinary and diverse team of over 30 lawyers. The Firm is deeply rooted in the local market with over 80 years of combined experience of the name partners while providing the highest global standards of legal services.
The DPA has announced the launch of its "standard contract notification module" which will allow users to submit standard contracts for cross-border data transfers.
Turkey Privacy

Notification Module Launched

The DPA has announced the launch of its "standard contract notification module" which will allow users to submit standard contracts for cross-border data transfers. The DPA stated that the module has been designed so that data controllers and data processors can fulfill their notification obligations in a faster and more efficient manner.

You can find our detailed article on this topic here.

Data Protection Authority Shares Statistics

As of 2024, at the 4th Personal Data Protection Summit, DPA president Faruk Bilir shared the following statistics with the public:

  • 44,322 notifications, complaints and applications made (42,714 of which were finalized).
  • 1530 data breach notifications submitted to the DPA (346 of which were publicized).
  • EUR 22,000,000 in administrative fines was imposed.
  • 10 undertakings regarding the transfer of personal data abroad were approved.
  • 717 standard contracts regarding the transfer of personal data abroad were approved.

Harmonization with GDPR is the Goal

The 2025 Presidential Annual Program has stated that harmonization of Turkish DP Law with EU law, particularly the GDPR, will be completed in 2025. The effect of EU digital regulations on the export of goods and services will be examined and a road map created to determine the next steps.

Constitutional Court Personal Data Ruling

The Turkish Constitutional Court ("Court") has ruled that rights of access to justice were violated when a lawsuit was rejected after failure to provide defendants' Turkish ID numbers ("TRIN") and addresses. The court of first instance determined that failure to meet a deadline to provide the missing information meant that the lawsuit was not filed. The applicant appealed arguing that the requested information was not mandatory and, on rejection of its appeal, made an individual application to the Court.

The Court requested an opinion from the ministry which argued that Article 2 of the Attorney Law stipulates lawyers must consider the relevant factors. In response the applicant argued that the TRIN was personal data. The Court concluded there was no legal basis to grant a definite period for completion of the information (which is not mandatory) nor for deeming the lawsuit not filed at the end of this period. Moreover, obtaining this information unlawfully would be a criminal act. It therefore ruled that access to the court was prevented under the right to a fair trial and that the consequences of the violation were eliminated.

The DPA Announced the Following Data Breach Notifications in October:

1546648a.jpg

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More