News Archives

Thursday, March 31, 2016

Turkey Enacts Data Protection Law

On March 24, the Turkish Parliament adopted the Law on Personal Data Protection, legislation modeled upon the EU Data Protection Directive that had been under consideration for nine years.  The move followed the ratification, five weeks earlier, of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108), some 35 years after Turkey first signed it.  The new law is expected to be ratified by the President and published in the Official Gazette within a few weeks, according to attorneys with BTS Legal.  Furthermore, while there will be a two-year transitional period before the law comes into effect for existing data processing operations, new processing will have to be carried out in compliance with the law immediately.  In a sign of commitment to enforcement, a Personal Data Protection Authority will be established with a staff of 200 and the power to impose fines of up to 300,000 euros and prison sentences of up to four years in cases of non-compliance.
  
The recent summit meetings of European and Turkish leaders over the refugee crisis, which led to a commitment by the EU to accelerate accession talks with Turkey, clearly were instrumental in moving data protection legislation forward.  Given the instability in Turkey stemming from millions of Syrian refugees and what borders on a civil war with Kurdish separatists, as well as the increasingly autocratic actions by Turkey’s government, the passage of long-deferred data protection legislation is certainly an unexpected but positive development.  It is also an affirmation that respect for privacy can be acknowledged even by repressive governments.

Update:  Following ratification by the President, the Law on Personal Data Protection was published in the Official Gazette on April 7 and came into force.

No comments:

Post a Comment