According to Article 16 of the Law, an obligation to register in the Data Controllers Registry (“VERBIS”) has been introduced for data controllers.
In 2018, the Board issued decisions granting exemptions from the registration obligation to specific professional groups, associations, and political parties. The Board also granted a general exemption to data controllers residing in Turkey with less than 50 employees and less than TRY 25 million on their balance sheets.
Data…
»
The Law provides for both administrative fines and criminal liability where data breaches have occurred.
Regarding criminal penalties, the Law refers to the relevant provisions of the Turkish Criminal Code that details sanctions for the unlawful recording, disclosing, or transferring of personal data.
In addition to criminal sanctions, the Law also contains provisions detailing administrative fines applicable in a breach. Four breaches have been defined under the Law:
The…
»
The Law does not include an explicit provision concerning the process for appealing Board decisions that impose administrative fines. However, it is accepted that criminal courts of peace are the authorised courts under Law No. 5326 on Misdemeanours dated 30/3/2005 since the title of Article 18 of the Law is “Misdemeanours,” and administrative fines are issued as per Article 18 of the Law. With this in mind, decisions imposing behavioural sanctions can be appealed before…
»
Cumulative protection is no longer available in light of a recent Court of Cassation decision
Trademarks are protected under the IP Code, but “name[s], title[s] or trademark[s]” are not covered by the unfair competition provisions under the new Commercial Code
The decision will have a serious impact on pending cases
In a recent decision that challenges longstanding precedents, the Court of Cassation has ruled that, in cases where trademark infringement has been found, it…
»
The Board prepared the Guidelines on Cookies Applications (“Guidelines”) explaining cookies and practical advice for data controllers who process personal data through cookies. The Guidelines was published on the official website of the DPA on June 20, 2022.
Within the Guidelines, cookies in general and their types are regulated. Moreover, the types of cookies are categorised based on their timeframe, intended purpose and parties.
The relationship between the Electronic…
»
Processing Sensitive Personal Data
Amendments to the law have been drafted by the Board and introduce some modifications to specific disputed provisions of the Law. These have been presented to relevant institutions and organisations for their consideration. The articles to be amended are Article 6, regulating the legal grounds for processing sensitive personal data and Article 9, regulating the transfer of personal data abroad.
Under Article 6 of the Law, explicit consent…
»
