Our readers will recall from our previous Client Alert dated 4 April 2016 that the Turkish Parliament finally passed the long-awaited Law on the Protection of Personal Data (the “Law”), following its ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data numbered 108 (“Convention”) in March.
It continues to be a dynamic year in terms of data protection for Turkey since after our previous Client Alert the Parliament has now ratified the Additional Protocol to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, regarding supervisory authorities and transborder data flows (the “Protocol”), signalling a dynamic and progressive future for data protection in Turkey.
As its title suggests, the Protocol sets forth fundamental principles with regard to the supervisory data protection authorities and transborder data transfers. Accordingly, it provides for the setting up of national data protection authorities responsible for enforcing the laws and regulations adopted in pursuance of the Convention. Further, it adopts the principle that the recipient country of a transborder data transfer must be able to afford an adequate level of protection for the data subject to the transfer.
The Law was drafted by the Justice Commission of the Parliament in line with the Convention and the Protocol. In that regard, the entry into force of the Protocol will shed light on the interpretation of principles set forth by the Law.
Please click here to read our review of the Law on the Protection of Personal Data no. 6698.