The Turkish Data Protection Authority (“DPA”) did not publish any decisions or announcements in September; however, several important events took place. We summarise these for you below. A New Era of Cross-Border Data Transfers As of 1 September 2024, data controllers must now comply with the new rules regarding cross-border data transfers introduced by the amendments to the Turkish Data Protection Law ("DP Law") on 12 March 2024. Among the new rules are the introduction of Standard Contractual Clauses (“SCCs”), which are now a key mechanism for managing cross-border data transfers. Data controllers must sign SCCs with their data importers and submit the signed SCCs to the DPA within five days of
On 18 September 2024, Turkey’s Ministry of Trade published in the Official Gazette the Communiqué on Commercial Electronic Message Management System Integrators ("Communiqué"). The Communiqué introduces new procedures relating to the registration and management of consent for commercial electronic messages in Turkey’s Message Managing System (“MMS”)—a national database where various e-communications approvals are stored and managed. Among the changes introduced, the Communiqué defines business partners that assist service providers with registering approvals in the MMS, approval tracking, and management processes as “Integrators” and requires them to be authorised to provide these services. The Communiqué also
October 2024 – The Communiqué on Commercial Electronic Message Management System Integrators (“Communiqué”) was published by the Ministry of Trade in the Official Gazette dated 18 September 2024 and entered into force. Under the Communiqué, the business partners from which service providers in practice receive support for registering approvals in the Message Management System (“İYS”), approval tracking, and management processes are defined as “Integrators”, and an authorisation requirement has been introduced for the provision of services. In addition, under the Communiqué, those who have not obtained integrator authorisation from the Ministry of Trade by March 2025 are prohibited from carrying out transactions relating to commercial electronic messages on behalf of service providers. The Communiqué’s
In August, the Turkish Data Protection Authority (“DPA”) focused on several key issues including updates on personal data processing, the release of translated by-laws and standard contract clauses, the announcement of an intergovernmental partnership, and details of two data breach notifications. Quick reminder: Cross-border data transfer rules effective from 1 September! As of 1 September 2024, data controllers must comply with the new rules on cross-border data transfers introduced by the amendments to the Turkish Data Protection Law (“DP Law”) on 12 March 2024. Importantly, data controllers will no longer be allowed to rely on explicit consent for ongoing cross-border data transfers. You can
The agenda of Turkish Personal Data Protection Authority (“DPA”) for July included the anticipated regulation on the transfer of personal data abroad and the implementation of new standard contract clauses. Also in July, the DPA published the second issue of its KVKK Journal and the fourth edition of its Bulletin. Dive into July updates 1. Regulation on cross-border personal data transfer is published Following the recent amendments to the Turkish Personal Data Protection Law (“DP Law”), the DPA published the "Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad" on 10 July 2024. This regulation is a significant component of the changes to the DP Law. Key aspects
Overall: Agenda of the DPA in June The agenda of the Turkish Data Protection Authority (“DPA”) was relatively quiet in June. However, preparations are underway for upcoming regulations and standard contractual clauses related to cross-border data flows. A significant change is approaching for data processing activities involving cross-border data transfers based on explicit consent. From 1 September 2024, data controllers will no longer be allowed to continuously transfer personal data abroad solely relying on explicit consent. The new process for the transfer of personal data abroad requires a three-step assessment, where data controllers must review their international data transfer activities, including the recipients
In May, the Turkish Data Protection Authority (“DPA”) shared two draft regulations, approved two applications for cross-border data transfers, and announced 13 data breach notifications. Reminder: Bells ring for compliance with new scope of DP Law Amendments to the Turkish Personal Data Protection Law (“DP Law”) came into force as of 1 June 2024. Data controllers are now obliged to comply with the new scope of provisions. You can learn what will change from our information note here. Dive into May updates Draft regulation on cross-border personal data transfers is published With the amendments to the DP Law, the rules relating to the transfer of personal data abroad have changed.
On 8 May 2024, the Turkish Competition Authority (the “Authority”) issued an announcement regarding its decision on META Platforms, Inc. (“META”)—the parent company of Facebook, Instagram, and WhatsApp. With this decision, the Authority has imposed an administrative fine on META of TRY 551,557,589.86 (approximately USD 17.1 million). Background On 20 October 2022, the Authority decided that META: made the operations of its competitors engaged in social networking services and online display advertising markets more difficult; and created an entry barrier to the market by aggregating the data collected from Facebook, Instagram and WhatsApp services. Consequently, the Authority
On 6 May, the Turkish Competition Authority (the “Authority”) issued its decision regarding META Platforms, Inc. (“META”). This decision finalises the interim measure order (“Interim Measure Order”) and imposes an administrative fine on META amounting to TRY 335,730,707.20 (approximately USD 10.4 million). Background On 18 March, the Authority announced the Interim Measure Order against META. This Interim Measure Order aimed to prevent irreparable harm during the investigation into allegations of aggregating the data of users who created “Threads” profiles based on their Instagram accounts by linking the Threads and Instagram applications without providing the users with a consent option. The
On 12 March 2024, significant amendments (“Amendments”) to the Turkish Personal Data Protection Law No. 6698 (the "DP Law") were published in the Official Gazette. The Amendments are intended to improve alignment with the GDPR and to ensure greater flexibility. What are the key changes? The Amendments include regulations concerning (i) the processing of sensitive personal data, (ii) cross-border data transfers, (iii) sanctions to be applied by the Turkish Data Protection Authority (“DPA”), and (iv) the new procedure for appealing DPA decisions. Following the Amendments, the DPA is expected to issue secondary legislation to facilitate the implementation of the new provisions, particularly for cross-border data
In April, the Turkish data protection authority (“DPA”) held a number of events, announced an international cooperation agreement, and announced five data breach notifications. DPA’s agenda in April Data Protection Day conference On 7 April, an event was organised within the DPA to mark Data Protection Day. Co-hosted with Ankara University, the event highlighted the importance of protecting personal data and how technological advances have increased individuals' expectations of privacy. Cooperation protocol signed with Northern Cyprus On 18 April, a Cooperation Protocol was signed between the DPA and the data protection authority of the Turkish Republic of Northern Cyprus. The protocol