Data Protection in Turkey

Leave a comment

April 15, 2013 by Ozgur Ozden

Data Protection in Turkey

In Turkey we still do not have specific law to protect privacy of personal data. Currently data is protected by different sectoral laws such as; The Labor Law, The Criminal Code, The Banking Law, Turkish Civil Code, The Credit Cards Law.

Last year Information and Communication Technologies Authority issued a new regulation on “ Electronic communication and personal data processing, protecting”. This regulation fills the necessary gaps in the following areas:

  • Rules about personal data processing

  • Security

  • Reporting personal data violation

  • privacy of communication

  • Bandwidth information

  • location information

  • Data Safety

Also currently protection of data and privacy is under protection of constitution. Turkish Constitution section II/20 mentions about privacy in title  “Privacy and the Protection of Private Life” which can be expressed as  “everyone has the right to respect for private and family life”. In addition to this section II/21 expresses “no one can searched,  private papers and possessions can not be searched, and can not be confiscated.”
In addition to this, section 22 mentions that “ person’s residence can not be entered without a written search warrant. Freedom, privacy of communication can not be blocked in any means.”  Depending on the case and crime either constitution or related laws that we have given names above is used for the case in court.

As far as my search indicates, countries uses different laws and legislations for data protection. If we take a look at United States for example,  United states does not have a specific law for the protection of data instead they use different laws, legislations and sectoral approaches. Federal Trade Commission (FTC) regulates the privacy and different approaches to privacy in the US. United States signed the 1981 OECD Guidelines but they still haven’t adopted yet.
In order to comply with the European Union (EU) Directive 95/46/EC, United States prepared “Safe Harbour” and this is approved by EU in year 2000.

Most of the European countries follows “Data Protection Directive” (1995). This is a basic part of data processing, possession of personal data and movement of data in EU countries. In 2012 EU introduced another directive called “General Data Protection Regulation” and this is the most comprehensive one so far.


If we return back to Turkey, as you may know that Turkey was applied to become a part of European Union (EU) and as a part of membership process “law on protection of personal data” and “General Data Protection Regulation”should be adopted into Turkish society. Ministry of Justice prepared the first tailor made draft for Turkey and sent to Prime Minister’s office in 2005 but the draft is waiting there since then.
This new law will mainly regulate the following areas:

  • Transborder data flows

  • Data security

  • Data protection impact assessment and prior authorisation

  • Legitimacy of data processing and quality of data

  • Transparency of processing

  • Processing of sensitive data

  • Rights of the data subject

Most of the EU countries are regulated by these laws and in Turkey we need to prepare and adopt these law as soon as possible. Because just like in the other parts of the world, internet is growing really fast in Turkey and together with its 60% young population this law on protection of data  becomes a must for us.


1- Directive 95/46/EC of the European Parliament and of the Council (1995),  Available at:  [Accessed 14 March 2013]

2 -Andrew A. Adams, Rachel McCrindle [2012] Pandora’s Box:Social and Professional Issues of the Information Age. England: John Wiley & Sons Ltd

3- Data protection, Compilation of Council of Europe texts (2012),  Available at:  [Accessed 14 March 2013]

4-  Image [online] Available from: /data-protection-tips-for-mac.jpg  [Accessed 15 March 2013]

5- Data protection in Turkey (overview) (2012),  Available at:   [Accessed 13 March 2013]

6- Regulation of the european Parliament and of the council, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), (2012),  Available at:  [Accessed 14 March 2013]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: