- within Privacy topic(s)
- in United Kingdom
- within Privacy, Employment and HR, Litigation and Mediation & Arbitration topic(s)
November 2025 – On 11 November 2025, the Turkish Personal Data Protection Board (the “Board”) announced on its official website that on 21 October 2025 it granted permission for a cross-border personal data transfer based on a non-international agreement concluded between Türkiye's Directorate General of Migration Management (under the Ministry of Interior) and the United Nations High Commissioner for Refugees (“UNHCR”).
Background: A New Transfer Mechanism in Practice
Following the amendment to the Personal Data Protection Law on 12 March 2024, Turkish data privacy legislation contains a new cross-border data transfer mechanism. This mechanism allows transfers between (i) Turkish public institutions, organisations, or professional organisations having the status of public institution, and (ii) foreign public institutions, organisations, or international organisations, where appropriate safeguards may be ensured through a non-international agreement containing personal data protection clauses.
Under this framework, the Board's opinion must be sought during the negotiation of the agreement. Once the text is finalised, the Board's permission is required before any transfer takes place.
With this recent decision, the UNHCR-Directorate General of Migration Management agreement has become first approved example of a non-international agreement providing “appropriate safeguards” for cross-border data transfers.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]
