- Home
- News & Insights
Search by
Latest
Quick Read: Data Protection Law Updates in Turkey – August 2024
In August, the Turkish Data Protection Authority (“DPA”) focused on several key issues including updates on personal data processing, the release of translated by-laws and standard contract clauses, the announcement of an intergovernmental partnership, and details of two data breach notifications. Quick reminder: Cross-border data transferring rules effective from 1 September! As of 1 September 2024, data controllers must comply with the new rules on cross-border data transfers introduced by the amendments to the Turkish Data Protection Law (“DP Law”) on 12 March 2024. Importantly, data controllers will no longer be allowed to rely on explicit consent for ongoing cross-border data transfers. You can
Quick Read: Data Protection Law Updates in Turkey – July 2024
The agenda of Turkish Personal Data Protection Authority (“DPA”) for July included the anticipated regulation on the transfer of personal data abroad and the implementation of new standard contract clauses. Also in July, the DPA published the second issue of its KVKK Journal and the fourth edition of its Bulletin. Dive into July updates 1. Regulation on cross-border personal data transfer is published Following the recent amendments to the Turkish Personal Data Protection Law (“DP Law”), the DPA published the "Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad" on 10 July 2024. This regulation is a significant component of the changes to the DP Law. Key aspects
Quick Read: Data Protection Law Updates in Turkey – June 2024
Overall: Agenda of the DPA in June The agenda of the Turkish Data Protection Authority (“DPA”) was relatively quiet in June. However, preparations are underway for upcoming regulations and standard contractual clauses related to cross-border data flows. A significant change is approaching for data processing activities involving cross-border data transfers based on explicit consent. From 1 September 2024, data controllers will no longer be allowed to continuously transfer personal data abroad solely relying on explicit consent. The new process for the transfer of personal data abroad requires a three-step assessment, where data controllers must review their international data transfer activities, including the recipients
Quick Read: Data Protection Law Updates in Turkey – May 2024
In May, the Turkish Data Protection Authority (“DPA”) shared two draft regulations, approved two applications for cross-border data transferring, and announced 13 data breach notifications. Reminder: Bells ring for compliance with new scope of DP Law Amendments to the Turkish Personal Data Protection Law (“DP Law”) came into force as of 1 June 2024. Data controllers are now obliged to comply with the new scope of provisions. You can learn what will change from our information note here. Dive into May updates Draft regulation on cross border personal data transferring is published With the amendments to the DP Law, the rules relating to the transfer of personal data abroad have changed.
Turkish Competition Authority approves META’s proposed remedies
On 8 May 2024, the Turkish Competition Authority (the “Authority”) issued an announcement regarding its decision on META Platforms, Inc. (“META”)—the parent company of Facebook, Instagram, and WhatsApp. With this decision, the Authority has imposed an administrative fine on META of TRY 551,557,589.86 (approximately USD 17.1 million). Background On 20 October 2022, the Authority decided that META: made the operations of its competitors engaged in social networking services and online display advertising markets more difficult; and created an entry barrier to the market by aggregating the data collected from Facebook, Instagram and WhatsApp services. Consequently, the Authority
Turkish Competition Authority finalizes interim measures on META
On 6 May, the Turkish Competition Authority (the “Authority”) issued its decision regarding META Platforms, Inc. (“META”). This decision finalises the interim measure order (“Interim Measure Order”) and imposes an administrative fine on META amounting to TRY 335,730,707.20 (approximately USD 10.4 million). Background On 18 March, the Authority announced the Interim Measure Order against META. This Interim Measure Order aimed to prevent irreparable harm during the investigation into allegations of aggregating the data of users who created “Threads” profiles based on their Instagram accounts by linking the Threads and Instagram applications without providing the users with a consent option. The
Bells ring for compliance with new amendments to Turkish Personal Data Protection Law
On 12 March 2024, significant amendments (“Amendments”) to the Turkish Personal Data Protection Law No. 6698 (the "DP Law") were published in the Official Gazette. The Amendments are intended to improve alignment with the GDPR and to ensure greater flexibility. What are the key changes? The Amendments include regulations concerning (i) the processing of sensitive personal data, (ii) cross-border data transfers, (iii) sanctions to be applied by the Turkish Data Protection Authority (“DPA”), and (iv) the new procedure for appealing DPA decisions. Following the Amendments, the DPA is expected to issue secondary legislation to facilitate the implementation of the new provisions, particularly for cross-border data
Quick Read: Data Protection Law updates in Turkey – April 2024
In April, the Turkish data protection authority (“DPA”) held a number of events, announced an international cooperation agreement, and announced five data breach notifications. DPA’s agenda in April Data Protection Day conference On 7 April, an event was organised within the DPA to mark Data Protection Day. Co-hosted with Ankara University, the event highlighted the importance of protecting personal data and how technological advances have increased individuals' expectations of privacy. Cooperation protocol signed with Northern Cyprus On 18 April, a Cooperation Protocol was signed between the DPA and the data protection authority of the Turkish Republic of Northern Cyprus. The protocol