Click here to read the article in Turkish / Haberin İngilizcesi için buraya tıklayın.
Personal Data Protection Act has been published in the Official Gazette.
According to the act, personal data can be processed in accordance with due process and principles.
Personal Data definition in the act
The person’s race, ethnicity, political opinion, philosophical belief, religion, religious order, clothing and appearance, membership to foundations or trade unions, health issues, sexual life will be qualified as specific personal information.
The law requires that personal information and specific personal information can not be processed without consent from the respective person. Personal information can also not be transmitted abroad without consent from the respective person.
Penalties for not protecting personal data
According to the act, the persons or the institutions who are responsible for protecting personal data will be sentenced to a punitive fine from min. 4,600 to 308,500 Euro for not protecting personal data or taking necessary measures.
The “Rıza Sarraf Article”
Personal information can also not be transmitted abroad without consent from the respective person.
The relevant article requires that “Without prejudice to provisions of international agreements, and in cases where Turkey’s or the respective person’s interests could get serious harm, personal data could be transmitted abroad under consultancy and with consent of the relevant institution or organization”.
The aforementioned Article had been approved by the Assembly upon Rıza Sarraf getting arrested in US who earlier had been arrested then released within the corruption investigations on December 17-25 in Turkey.
IT law experts had earlier criticized that the state had aimed at making a regulation favourable for its own financial interests rather than protecting data of its citizens and that the Personal Data Protection Commission under its current structure was not able to work independently. (EA/DG)
