ARTICLE
20 November 2023

Cooperation Between The Turkish Competition Authority And The Personal Data Protection Authority

GP
Guleryuz Partners

Contributor

We are Güleryüz Partners, an Istanbul based law firm, offering high-quality legal services to domestic and multinational clients. Our team consists of energetic young professionals led by talented partners with strong academic backgrounds at prestigious universities in the USA, UK, and Germany, coupled with vast market experience exceeding a decade at top tier Turkish law firms. Our practice ranges from complex disputes to sophisticated M&A and finance transactions. We provide niche legal services in a wide range of legal areas such as litigation and dispute resolution, local and cross border M&As, banking, finance and capital markets, venture capital investments and start-ups, and compliance and corporate governance. We heavily invest in our pro bono projects in Turkiye and work together with institutions, foundations, and other organizations to provide legal advice to the persons in need of help. We also pride ourselves on fostering and promoting a diverse, equitable and inclusive work environment.
Competition law and data protection law are both regarded as essential parts of digital markets and the digital economy.
Turkey Privacy

Competition law and data protection law are both regarded as essential parts of digital markets and the digital economy. Although they are two separate disciplines, these disciplines have started to overlap, especially when it comes to digital markets where the economic value of data has started to be discussed in conjunction with the concept of big data. Indeed, in digital markets, data not only serves as data, but also is considered as a factor that ensures market power and/or dominant position. Especially after the Facebook decision by the German Competition Authority, the relationship between competition and data protection authorities and whether they can interfere with each other's jurisdiction has started to be discussed worldwide. With the recently announced cooperation protocol between the Turkish Competition Authority and the Personal Data Protection Authority, it has become a matter of curiosity whether this debate can be resolved more easily in the Turkish practice. In this respect, the protocol, which strengthens the co-operation between the two institutions under Turkish law was published.

The Process that Started in Europe with the Facebook Decision

The Facebook decision dated February 6, 2019 issued by the German Federal Competition Authority "Bundeskartellamt" was an important launch point of the jurisdictional debate between competition and data protection authorities. In the decision, the terms of service applied to users by Facebook, which was determined to be in a dominant position in social networks, were discussed and certain restrictions on the processing of user data were stipulated. Previously, Facebook users were able to use the platform if they agreed the terms of service stipulating that Facebook may collect data including Facebook.com, but also through outside of the website and smartphone applications, including websites and applications owned by Facebook and the possibility of combining data collected by third parties and smartphones and transferring it to the user's Facebook account. In this respect, third parties were able to collect data by using Facebook's WhatsApp, Oculus, Masquerade and Instagram business services and third-party websites and applications. However, Facebook's actions in question were deemed incompatible with both the principles of personal data protection and competition rules. The most important and most controversial aspect of the infringement decision issued by the German Federal Competition Authority was that the German Federal Competition Authority considered itself authorised to decide on Facebook's breach of data protection rules in addition to competition infringements, and that the decision included assessments regarding the European Union General Data Protection Regulation ("GDPR").

A legal action was filed before the Higher Regional Court of Düsseldorf against the decision of the German Federal Competition Authority, which prevented Facebook from processing combined user data on its platform without the consent of users. In that case, the Higher Regional Court of Düsseldorf sought the opinion of the Court of Justice of the European Union ("CJEU") on how particular provisions of the GDPR should be interpreted and whether national competition authorities are entitled to apply the GDPR when investigating competition law infringements. In its decision dated 4 July 2023, the CJEU ruled that national competition authorities may apply the GDPR in their examinations of alleged abuse of dominant position. However, the CJEU also underlined that competition authorities may only use their competences to determine infringements of competition law, not to take over the duties of data protection authorities, and that they must cooperate with other authorities in the exercise of these duties.

A similar Facebook (now Meta) investigation was initiated in Türkiye and the Competition Board examined similar issues under Turkish competition law. The Board decided that Facebook had distorted competition by combining the data collected from Facebook, Instagram and WhatsApp services, which are referred to as core services, making it difficult for its competitors operating in the personalised social networking services and online display advertising markets and creating barriers to entry to the market. Similarly, the Board included assessments regarding the personal data protection legislation in its decision.

Protocol Signed Between The Authorities

Although the process that started with the Facebook decisions has raised questions between the jurisdictions of competition and data protection authorities, both the CJEU decision and the cooperation efforts of national authorities aim to facilitate the clarification of these grey areas. Accordingly, it was announced that a Cooperation and Information Sharing Protocol ("Protocol") was signed between the Turkish Competition Authority and the Personal Data Protection Authority on October 26, 2023. In the joint announcement made by both authorities, it was stated that with the Protocol in question, the two authorities will cooperate on the following issues:

a) Conducting joint activities in developing areas that fall within the jurisdiction of both authorities and that may cause irreparable damage in the absence of rapid and effective intervention,

b) Publishing reports with the cooperation of both authorities in order to enhance the awareness of users in terms of the protection of personal data and competition, especially in digital markets, and conveying a common message to undertakings in terms of practices concerning both areas of law,

c) Organising joint presentation and discussion programmes within the scope of the traditional "Wednesday Seminars" of the Personal Data Protection Authority and/or "Thursday Conferences" of the Competition Authority,

d) Organising workshops where the relevant authorities share their expertise and experience in their fields of duty with each other,

e)Consulting on common issues in national and/or international events organised and/or attended by the relevant authorities, and supporting these events on issues within the authorities' own fields.

The announcement also stated that the Protocol and other efforts aim to establish effective competition in the market and to strengthen the control of consumers over their personal data.

Although global discussions continue in the areas where competition law and personal data protection law overlap, it is seen that the foundations of cooperation between the two authorities have been laid in Türkiye and it is aimed to work together by strengthening the communication between the institutions instead of embracing a conflict.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Find out more and explore further thought leadership around Privacy Law and Privacy Regulations

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More