New data protection law in Turkey

By EDRi · April 20, 2016

Turkish Parliament enacted the Data Protection Law on 24 March 2016 and it entered into force on 7 April. There had been several attempts for enacting the Law over the course of more than 10 years, but all of the bills were later withdrawn by the AKP – Justice and Development Party (the ruling party since 2002) governments.

................................................................. Support our work - make a recurrent donation! .................................................................

The AKP was quite motivated to enact the law because:

  1. Due to the nonexistence of Data Protection Law, Turkey was regarded as an “unsafe country” in terms of data protection and this resulted in certain difficulties for collaboration of Turkish security agencies with its counterparts abroad.
  2. Many Turkish companies could not operate in Europe and other places for the same reason.
  3. The government has the plan of establishing a “World Finance Center” in Istanbul, but that would be impossible without a proper DP Law.
  4. Turkey is officially a candidate country for membership to the European Union which enforces member and candidate countries to adopt a DP Law.

The hesitation of the government was due to the concern that the previous versions of the law would not be in conformity with the contemporary approach and thus would not be adequate for realizing the objectives outlined above. In the earlier versions of the bill, the Data Protection Board was to be appointed by the government or the President which draws suspicion to its autonomy. In the last version, four members of the Board were to be appointed by the government and three members by the President. This has been changed last minute and the enacted law envisages that two members are to be appointed by the President, two by the government and five to be elected by the Parliament.

Another hesitation in the previous versions stemmed from the fact that several security agencies such as police and secret service were given exemption for collecting and processing personal data. Although the new law does not explicitly mention these organisations, it has several exemptions which will pave the way for these organisations legally to collect and process data.

CHP – People’s Republican Party, the largest opposition party, declared that it will apply to the Constitutional Court for the annuling of the law.

Turkey’s data protection draft law open to abuse: Expert

Turkey passes long-awaited data protection law (07.04.2016)

Turkey’s New Data Protection Law (15.04.2016)

Turkey Completes Final Step in Approving Data Protection Legislation (07.04.2016)