Turkey does not have a data protection law, but since 2003 there have been numerous attempts to enact legislation in this area. The drafts of such bills have been criticised for not being in accordance with the contemporary approach to data protection. For example, the 2013 draft envisaged the establishment of a seven-member Data Protection Authority, of which four members were to be appointed by the government. The uproar against the draft caused the government to withdraw it – as happened with various previous proposals. Moreover, the government was concerned by the disparity of the bill with 96/45/EC Directive, the EU Data Protection Directive.
The government brought a revised bill to the Parliament in the beginning of 2016, which is currently being discussed. About a quarter of the bill’s 33 items have already been adopted as of 22 arch 2016. Since the ruling party (Justice and Development Party – AKP) has the majority in the Parliament it is likely that the bill will be passed from the Parliament this time.
However, the new bill is even worse than the previous ones. Besides other problem areas, four members of the Data Protection Authority are to be appointed by the government and three of them are to be appointed by the President. The EU Directive requires data protection authorities to „act with complete independence.“ Additionally, several government agencies such as secret service and police force are given exception for collecting and processing citizens’ data without the knowledge of data owners.
Turkey’s data protection draft law open to abuse: Expert
EU Directive 1995/46/EC
European Court of Justice rules on German DPA system