Data Protection and Privacy Law in Turkey Key Developments and Predictions 2021
We focus on the key aspects of data privacy matters and developments in Turkey, and the most important or challenging issues regarding the same.
The Data Protection Law entered into force in 2016. Even prior to its enactment, and afterwards, we have been dealing with privacy law and data protections issues. We have seen a significant number of data breach decisions issued by the Data Protection Authority (“DPA”) in the past year, and these have shed light on the practice and claims made at the level of the DPA, which have also increased dramatically as stated by the DPA experts.
On the other hand, data breaches that have created global ambiguity have also been under the radar of the Turkish DPA. Sanctions imposed by the DPA have reached a noticeable number and, therefore, privacy issues have been at the top of the list of the agenda of most companies (local or global) providing goods/services in Turkey. Both local and global companies (to name a few - Amazon, Facebook, Zynga and Marriott) have had administrative fines imposed upon them by the Turkish DPA. At the beginning of 2021, the DPA also announced that an investigation had been launched against WhatsApp.
The Turkish DPA recently published an announcement on the importance of the right to be forgotten principle. Despite all of the developments, the most debated issues in data privacy in Turkey remain as (i) data transfers outside of Turkey in the absence of a safe country list, (ii) processing of health data and the legal grounds of such processing, and (iii) controversial regulations regarding the judicial review of DPA decisions.