Skip to main content
SpringerLink
Log in

Data Protection Around the World: Turkey

  • Chapter
  • First Online:
Data Protection Around the World

Part of the book series: Information Technology and Law Series ((ITLS,volume 33))

  • 985 Accesses

Abstract

Like elsewhere in the world, data protection law is a popular topic as an emerging branch in the legal world in Turkey. After the adoption of Law no. 6698 on the Protection of Personal Data (“DPL”) and the formation of the Turkish Data Protection Authority (“DPA”) in 2016, the protection of data subjects’ rights with regards to personal data and privacy has become a major subject of discussions both in the academia and in practice. This chapter deals with Turkey’s stand concerning personal data protection in comparison with the General Data Protection Regulation (“GDPR”). To that extent, this chapter firstly analyses Turkey’s main laws and regulations and case-law with regard to the protection of personal data. This is followed by a comparison of the Turkish DPL with the GDPR, where the strengths and weaknesses of Turkish law in the field of data protection are demonstrated. The chapter concludes with the possible application of the GDPR in Turkey and its impact on the Turkish data protection law.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 99.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal (“OJ”) L 119.

  2. 2.

    Kişisel Verilerin Korunması Kanunu, [Law on the Protection of Personal Data] OJ no. 29677, 24 March 2016.

  3. 3.

    See Küzeci 2018, pp. 311–314.

  4. 4.

    However, some articles in the DPL entered into force six months after the publication of the Law in the OJ. These are articles concerning data transfer (Article 8), data transfer to other countries (Article 9), rights of data subjects (Article 11), complaint procedure to data controllers (Article 13), complaint procedure to the DPA (Article 14), the examination procedure by the DPA (Article 15), the registry of data controllers (Article 16), crimes (Article 17) and sanctions (Article 18).

  5. 5.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, (1995) OJ L 281.

  6. 6.

    Examples are: Law on the Regulation of Electronic Trade (“ETL”)—Elektronik Ticaretin Düzenlenmesi Hakkında Kanun, OJ no. 29166, 5 November 2014; Electronic Communication Law (“ECL”)—Elektronik Haberleşme Kanunu, OJ no. 27050 (bis.), 10 November 2008; Banking Law—Bankacılık Kanunu, OJ no. 25983 (bis.), 1 November 2005; Regulation on Patient Rights—Hasta Hakları Yönetmeliği OJ no. 23420, 1 August 1998.

  7. 7.

    Türk Medeni Kanunu, OJ no. 24607, 08 December 2001 (entered into force 1 January 2002).

  8. 8.

    Türk Ceza Kanunu, OJ no. 25611, 12 October 2004 (entered into force 1 April 2005).

  9. 9.

    See Sect. 9.2.3.

  10. 10.

    Kişisel Verilerin Silinmesi, Yok Edilmesi veya Anonim Hale Getirilmesi Hakkında Yönetmelik, OJ no. 30224, 28 October 2017 (entered into force 1 January 2018).

  11. 11.

    Kişisel Verileri Koruma Kurulu Çalışma Usûl ve Esaslarına Dair Yönetmelik, OJ no. 30242, 16 November 2017.

  12. 12.

    Veri Sorumluları Sicili Hakkında Yönetmelik, OJ no. 30286, 30 December 2017 (entered into force 1 January 2018).

  13. 13.

    Kişisel Veri Koruma Uzmanlığı Yönetmeliği, OJ no. 30327, 9 February 2018.

  14. 14.

    Kişisel Verileri Koruma Kurumu Teşkilat Yönetmeliği, OJ no. 30403, 26 April 2018.

  15. 15.

    Kişisel Verileri Koruma Kurumu Personeli Görevde Yükselme ve Unvan Değişikliği Yönetmeliği, OJ no. 30412, 5 May 2018.

  16. 16.

    Kişisel Verileri Koruma Kurumu Disiplin Amirleri Yönetmeliği, OJ no. 30777, 17 May 2019.

  17. 17.

    Kişisel Sağlık Verileri Hakkında Yönetmelik, OJ no. 30808, 21 June 2019.

  18. 18.

    Additional Protocol to the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, regarding supervisory authorities and transborder data flows (ETS no. 181).

  19. 19.

    Protocol amending the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 223).

  20. 20.

    Sosyal Sigortalar ve Genel Sağlık Sigortası Kanunu, OJ no. 26200, 16 June 2006 (entered into force in October 2008).

  21. 21.

    E. 2014/74, K. 2014/201, 25.12.2014, OJ no. 29364, 23.05.2015.

  22. 22.

    E. 2013/122, K. 2014/74, 09.04.2014, OJ no. 29072, 26 July 2014.

  23. 23.

    Sağlık Alanında Bazı Düzenlemeler Hakkında Kanun Hükmünde Kararname, OJ no. 28103 bis., 2 November 2011.

  24. 24.

    E. 2011/150, K. 2013/30, 14 February 2013, OJ no. 28688, 26 June 2013.

  25. 25.

    6495 sayılı Bazı Kanun ve Kanun Hükmünde Kararnamelerde Değişiklik Yapılmasına Dair Kanun, OJ no. 28726, 2 August 2013.

  26. 26.

    E. 2013/114, K. 2014/184, 4 December 2014, OJ no. 29418, 16 July 2015.

  27. 27.

    The DPL included an article (Article 30) amending the annulled provision and stipulating that health data could be processed by health institutions in accordance with the DPL. This provision was recently annulled with the Decree Law no. 703 dated 2 July 2018. 703 Sayılı Anayasada Yapılan Değişikliklere Uyum Sağlanması Amacıyla Bazı Kanun ve Kanun Hükmünde Kararnamelerde Değişiklik Yapılması Hakkında Kanun Hükmünde Kararname, OJ no. 30473 (bis. 3), 9 July 2018.

  28. 28.

    E. 2011/107, K. 2012/ 184, 22 November 2012, OJ no. 28892, 24 January 2014.

  29. 29.

    E. 2011/141, K. 2013/10, 10 January 2013, OJ no. 28865, 28 December 2013.

  30. 30.

    E. 2015/32, K. 2015/102, 12 November 2015, OJ no. 29550, 2 December 2015.

  31. 31.

    The exceptions to the requirement express consent, conditions regarding processing sensitive data, and regulatory authorities given to the DPA were among the challenged provisions.

  32. 32.

    E. 2016/ 125, K. 2012/143, 28 September 2017, OJ no. 30310, 23 January 2018.

  33. 33.

    E. 1979/9, K. 1979/44, 27 November 1979, OJ no. 16928, 13 March 1980.

  34. 34.

    E. 1995/17, K. 1995/16, 21 June 1995, OJ no. 22433, 14 October 1995.

  35. 35.

    ECHR (Second Section), Sinan Işık v. Turkey, no. 21924/05, 2 February 2010.

  36. 36.

    The Court, however, did not examine the issue from the point of revealing sensitive personal data. ECHR (Second Section), Sinan Işık v. Turkey, no. 21924/05, 2 February 2010, paras. 37–53.

  37. 37.

    Türkiye İstatistik Kanunu, OJ no. 25997, 18 November 2005.

  38. 38.

    E. 2006/167, K. 2008/86, 20 March 2008, OJ no. 26917, 25 June 2008.

  39. 39.

    E. 2010/12, K. 2011/135, 12 October 2011, OJ no. 28156, 28 December 2011.

  40. 40.

    E. 2014/180, K. 2015/30, 19 March 2015, OJ no. 29315, 3 April 2015. This decision was rightfully criticised on the grounds that the mentioned provision did not entail necessary safeguards for the protection of personal data. Akgül 2015, p. 210.

  41. 41.

    Kimlik Bildirme Kanunu, OJ no. 14591, 11 July 1973.

  42. 42.

    E. 1996/68, K. 1996/01, 6 January 1999, OJ no. 24292, 19 January 2001.

  43. 43.

    E. 2014/122, K. 2015/ 123, 30 December 2015, OJ no. 29640, 1 March 2016.

  44. 44.

    ECHR (Second Section), Mustafa Sezgin Tanrıkulu v. Turkey, no. 2473/06, 18 May 2017, paras 62–65.

  45. 45.

    ECHR (Second Section), Cemalettin Şanlı v. Turkey, no. 22427/04, 18 November 2008, paras 41–44.

  46. 46.

    ECHR (Second Section), Karabeyoğlu v. Turkey, no. 30083/10, 7 June 2016, paras 112–121.

  47. 47.

    Posta Hizmetleri Kanunu, OJ no. 28655, 23 May 2013.

  48. 48.

    E. 2013/ 84, K. 2014/ 183, 04.12.2014, OJ no. 29294, 13 March 2015.

  49. 49.

    N.B.B, No. 2013/5653, 3 March 2016.

  50. 50.

    Asli Alp ve Şükrü Alp, No. 2014/18260, 4 October 2017; Asım Bayar ve Veysel Bayar, No. 2014/4141, 4 October 2017; G.D (2), No. 2014/1808, 4 October 2017; Gözde Yiğit, No. 2017/16026, 5 October 2017; Fahri Göncü, No. 2014/17943, 5 October 2017. In the first two cases the passage of time over the published content from the date of application was five and six years respectively, and in the third and fourth case, it was four years. In the last case, 11 years have passed over the published content, but the CC has concluded that the news was still relevant given the specifics of the case at hand.

  51. 51.

    E. 2014/4-56, K. 2015/1679, 17 June 2015.

  52. 52.

    As mentioned above, the CC has concluded that legal persons are also entitled to protection concerning personal data. See Sect. 9.1.3.2. Nevertheless, the DPA has decided that legal persons cannot seek protection under the DPL. No. 2018/131, 19 November 2018.

  53. 53.

    Yücedağ suggests that biometric and genetic data should be considered as sensitive data on the condition that they are processed for the purpose of identifying natural persons, as the GDPR suggests. Yücedağ 2017, p. 769.

  54. 54.

    No. 2019/125, 2 May 2019.

  55. 55.

    No. 2019/157, 31 May 2019.

  56. 56.

    Develioğlu suggests that transparency should also be safeguarded as part of lawful and fair processing. Develioğlu 2017, p. 45.

  57. 57.

    These principles are reflected in the responsibilities of data controllers under Article 12 DPL. Develioğlu 2017, p. 50.

  58. 58.

    Yücedağ 2019, p. 49; Çekin 2018, pp. 42 and 45.

  59. 59.

    In this sense, Yücedağ 2017, p. 767.

  60. 60.

    According to Çekin, harming fundamental rights and freedoms is not an appropriate term and it should be read as “the legitimate interests should not override fundamental rights and freedoms of the data subject”. Çekin 2018, pp. 73–74.

  61. 61.

    Dülger 2019, p. 26; Yücedağ 2017, p. 773.

  62. 62.

    Develioğlu 2017, p. 58.

  63. 63.

    The DPA has rendered a decision on the measures to be taken while processing sensitive data. See Sect. 9.1.3.2.

  64. 64.

    The wording of Article 6(3) excluding the explicit envisaging consent in law for sensitive data whereas its requirement for normal types of data is criticized. See Küzeci 2018, pp. 332–333.

  65. 65.

    Yücedağ 2017, pp. 772–773.

  66. 66.

    No. 2019/10, 24 January 2019.

  67. 67.

    For an overview of the registration procedure, see Sümer 2019 A procrastinator’s guide to data controller registration in Turkish data protection law. https://iapp.org/news/a/a-procrastinators-guide-to-data-controller-registration-in-turkish-data-protection-law/. Accessed 23 September 2019.

  68. 68.

    No. 2018/88, 19 July 2018.

  69. 69.

    No. 2019/265, 3 September 2019.

  70. 70.

    No. 2018/32, 2 April 2018.

  71. 71.

    No. 2018/68, 28 June 2018.

  72. 72.

    No. 2018/75, 5 July 2018.

  73. 73.

    No. 2018/87, 19 July 2018.

  74. 74.

    https://www.turkiye.gov.tr. This website shows that over 44 million users are currently registered in the e-state database. Accessed 16 October 2019.

  75. 75.

    https://www.nvi.gov.tr. Accessed 16 October 2019.

  76. 76.

    http://www.uyap.gov.tr. Accessed 16 October 2019.

  77. 77.

    https://enabiz.gov.tr. Accessed 16 October 2019.

  78. 78.

    Hern A 2016 Database allegedly containing ID numbers of 50 m Turks posted online. https://www.theguardian.com/technology/2016/apr/04/database-allegedly-containing-id-numbers-of-50m-turks-posted-online. Accessed 16 October 2019; BBC News 2016 Turkish authorities ‘probing huge ID data leak’. https://www.bbc.com/news/technology-35978216. Accessed 16 October 2019.

  79. 79.

    T24 Haber, 2016 Türkiye’deki 33 Hastane Verileri İnternete Sızdırıldı [In Turkey, Data from 33 Hospitals leaked to the Internet]. http://t24.com.tr/haber/anonymous-turkiyedeki-hastane-kayitlarini-hackledi-bilgiler-internete-sizdirildi,341067. Accessed 24 September 2019.

  80. 80.

    The table of contents and the concluding part of this report are available on the website of Turkish Medical Association (Türk Tabipler Birliği). http://www.ttb.org.tr/images/stories/file/2015/ddk_rapor.pdf. Accessed 16 October 2019. References to the report are made to this available part of the document.

  81. 81.

    TC Cumhurbaşkanlığı Devlet Denetleme Kurulu 2013, pp. 784–787.

  82. 82.

    Erbaş Ö 2014 Kişisel Sağlık Verileri Satılamaz, ama SGK sattı [Personal Health Data cannot be sold but Social Security Institution Sold It]. https://m.bianet.org/bianet/saglik/159720-kisisel-saglik-verileri-satilamaz-ama-sgk-satti. Accessed 24 September 2019.

  83. 83.

    Sayıştay 2014, pp. 49–53.

  84. 84.

    7039 sayılı Nüfus Hizmetleri Kanunu ve Bazı Kanunlarda Değişiklik Yapılmasına Dair Kanun, OJ no. 30229, 3 November 2017.

  85. 85.

    Küzeci 2018, p. 453.

  86. 86.

    Devlet Arşiv Hizmetleri Hakkında Yönetmelik, OJ no. 19816, 16 May 1988.

  87. 87.

    No. 2018/69, 28 June 2018.

  88. 88.

    In fact, this practice is not allowed in accordance with Article 11(3) of Regulation on the ID Sharing System which states that institutions that have access to the ID sharing system as well as banks cannot demand copies of IDs or any other ID documentation. Kimlik Paylaşımı Sistemi Yönetmeliği, OJ no. 26370, 8 December 2006.

  89. 89.

    TC Cumhurbaşkanlığı Devlet Denetleme Kurulu 2013, p. 784.

  90. 90.

    BTK (2016) Posta Gönderilerine Güvenlik Tedbirlerine Yönelik Usul ve Esaslar, 2016/DK-YED/517, 27 December 2016, https://www.btk.gov.tr/uploads/boarddecisions/posta-gonderilerine-iliskin-guvenlik-tedbirlerine-yonelik-usul-ve-esaslar.pdf. Accessed 16 October 2019.

  91. 91.

    See Sect. 9.1.3.2.

  92. 92.

    No. 2017/62, 21 December 2017.

  93. 93.

    No. 2017/61, 21 December 2017.

  94. 94.

    No. 2018/143, 5 December 2018.

  95. 95.

    No. 2019/166, 31 May 2019.

  96. 96.

    No. 2018/91, 26 July 2018.

  97. 97.

    No. 2018/10, 31 January 2018.

  98. 98.

    No. 2018/63, 31 May 2018.

  99. 99.

    Nos. 2019/81 and 2019/165, 25 March 2019 and 31 May 2019.

  100. 100.

    No. 2019/82, 25 March 2019.

  101. 101.

    No. 2019/52, 5 March 2019.

  102. 102.

    No. 2019/23, 14 February 2019.

  103. 103.

    No. 2018/119, 16 October 2018.

  104. 104.

    Nos. 2019/159, 2019/162 and 2019/204, 31 May 2019 and 8 July 2019.

  105. 105.

    No. 2018/90, 26 July 2018.

  106. 106.

    No. 2019/122, 2 May 2019.

  107. 107.

    No. 2019/82, 25 March 2019.

  108. 108.

    No. 2019/188, 1 July 2019.

  109. 109.

    No. 2019/104, 11 April 2019.

  110. 110.

    No. 2019/269, 18 September 2019.

  111. 111.

    No. 2019/141, 16 May 2019.

  112. 112.

    No. 2019/143, 16 May 2019.

  113. 113.

    No. 2019/144, 16 May 2019.

  114. 114.

    No. 2019/222, 17 July 2019.

  115. 115.

    No. 2019/255, 27 August 2019.

  116. 116.

    No. 2019/254, 27 August 2019.

  117. 117.

    No. 2019/78, 25 March 2019.

  118. 118.

    Since its foundation in 1923, the Republic of Turkey had been governed under a parliamentary regime. However, in the referendum on 17 April 2017, amendments to the Constitution leading to a presidential regime were accepted by a majority of 51%. Following the presidential and parliamentary elections held on 24 June 2018, the presidential regime in Turkey was consolidated.

  119. 119.

    Bakanlıklara Bağlı, İlgili ve İlişkili Kurum ve Kuruluşlar ile İlgili 2008/1 Sayılı Cumhurbaşkanlığı Genelgesi, OJ no. 30479, 15 July 2018.

  120. 120.

    Under the old system, 5 members of the DPL were selected by the Parliament, 2 members were selected by the President of the Republic and 2 members were selected by the Cabinet of Ministers, which no longer exists.

  121. 121.

    Küzeci 2018, p. 367.

  122. 122.

    See Sect. 9.3.3.

  123. 123.

    CJEU, European Commission (Supported by EDPS) v. Federal Republic of Germany, Judgement, 9 March 2010, Case C-518/07; CJEU, paras 25–37, European Commission (Supported by EDPS) v. Republic of Austria (Supported by Federal Republic of Germany), Judgement, 16 October 2012, Case C-614/10, paras 37–66; CJEU, European Commission (Supported by EDPS) v. Hungary, Judgement, 8 April 2014, Case C-288/12, paras. 47–62.

  124. 124.

    The wide territorial scope of the GDPR and its possible application have usually not been objected to in the Turkish literature. The general tendency is to simply point out the extraterritorial application of the GDPR to Turkish or non-EU data processors and controllers. Dülger 2019, p. 195; Çekin 2018, pp. 29–34; Develioğlu 2017, pp. 15–20. In a recent article, the extraterritoriality of the GDPR is rejected from a public international law perspective. Dal 2019, p. 32.

  125. 125.

    EDPB 2018, pp. 4–12.

  126. 126.

    EDPB 2018, p. 14.

  127. 127.

    Däubler 2018, p. 411. For a different reasoning, see Brkan 2016, pp. 339–341.

  128. 128.

    See Azzi 2018, para 55; The Author also points out the last sentence of the Recital 80 GDPR confirming this tendency: “The designated representative should be subject to enforcement proceedings in the event of non-compliance by the controller or processor”.

  129. 129.

    Däubler 2018, p. 411.

  130. 130.

    Develioğlu 2017, p. 117; For examples of sanctions and other mechanisms for action, see Azzi 2018, paras 59–77.

  131. 131.

    EDPB, p. 10.

  132. 132.

    See Articles 6(2), 8(1), 9(4), 23, 80(2), 85, 88 GDPR, also see Wagner and Bennecke 2016, pp. 354–357.

  133. 133.

    Nomer 2017, pp. 184–187; Demirkol 2014, pp. 16–17; van Bochove 2014, pp. 148–150; Erkan 2011, pp. 83–84; Özdemir Kocasakal 2010, pp. 70–74; Özdemir Kocasakal 2001, pp. 11–12; see Article 9(1) of Rome I Regulation (Regulation (EC) No 593/2008 of the European Parliament and of the Council of 17 June 2008 on the law applicable to contractual obligations (Rome I) (2008) OJ L 177.

  134. 134.

    Lüttringhaus 2018, pp. 73–74. The author states that Article 82 GDPR is an overriding mandatory rule. Däubler 2018, p. 406; Brkan 2016, p. 339. According to the authors, Article 3 GDPR is an overriding mandatory rule.

  135. 135.

    Çelikel and Erdem 2017, p. 441.

  136. 136.

    Özdemir Kocasakal 2010, p. 75; Demirkol 2014, p. 23; Özdemir Kocasakal 2001, p. 74.

  137. 137.

    Özdemir Kocasakal 2010, p. 76; Demirkol 2014, p. 23; Kösoğlu 2008, p. 161.

  138. 138.

    Şanlı et al. 2019, p. 316; Çelikel and Erdem 2017, p. 441. For mitigating views admitting both the application of and giving effect to overriding mandatory rules, see Tekinalp and Uyanık 2016, p. 300; Bayata Canyaş 2012, p. 271.

  139. 139.

    It is suggested that Article 31 of the Turkish PIL shall be applied to non-contractual obligations as well. Vural Çelenk 2018, p. 236; contra Şanlı et al. 2019, p. 315.

  140. 140.

    Develioğlu 2017, p. 20.

  141. 141.

    Agreement Establishing an Association between the European Economic Community and Turkey (Ankara Agreement), 1 September 1963.

  142. 142.

    Council of the EU 2019 Council conclusions on enlargement and stabilisation and association process. https://www.consilium.europa.eu/en/press/press-releases/2019/06/18/council-conclusions-on-enlargement-and-stabilisation-and-association-process/. Accessed 17 October 2019.

  143. 143.

    European Commission 1998, p. 35.

  144. 144.

    The Council of the European Union 2003, p. 45.

  145. 145.

    Council of Ministers 2003, p. 151.

  146. 146.

    Dülger 2019, pp. 193 and 195; Çekin 2018, p. 3; contra Taştan 2017, pp. 26–27.

  147. 147.

    European Commission 2016, p. 71.

  148. 148.

    European Commission 2018, p. 41.

  149. 149.

    Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, (2016) OJ L 119.

  150. 150.

    European Commission 2019, p. 31.

  151. 151.

    European Parliament 2018, especially Articles 7–14.

References

  • Akgül A (2015) Kişisel Verilerin Korunması Bağlamında Biyometrik Yöntemlerin Kullanımı ve Danıştay Yaklaşımı [The Use of Biometric Methods in the Context of the Protection of Personal Data and the Council of State’s Approach]. Türkiye Barolar Birliği Dergisi 118:199–222

    Google Scholar 

  • Azzi A (2018) The challenges faced by the extraterritorial scope of the General Data Protection Regulation. JIPITEC 126:126–137

    Google Scholar 

  • Bayata Canyaş A (2012) AB ve Türk Hukuku Uyarınca Sözleşmeye Uygulanacak Hukuka İlişkin Genel Kural [General Rule Regarding the Law Applicable to the Contract in accordance with EU and Turkish Law]. Adalet, Ankara

    Google Scholar 

  • Brkan M (2016) Data protection and conflict-of-laws: A challenging relationship. EDPL 3(2):324–341

    Google Scholar 

  • Çekin M S (2018) Avrupa Birliği Hukukuyla Mukayeseli Olarak 6698 Sayılı Kişisel Verilerin Korunması Kanunu [Law No. 6698 on the Protection of Personal Data in Comparison with the European Union Law]. On İki Levha, İstanbul

    Google Scholar 

  • Çelikel A, Erdem B (2017) Milletlerarası Özel Hukuk[Private International Law]. Beta, İstanbul

    Google Scholar 

  • Council of the European Union (2003) Council Decision of 19 May 2003 on the principles, priorities, intermediate objectives and conditions contained in the Accession Partnership with Turkey, 2003/398/EC, https://www.ab.gov.tr/files/AB_Iliskileri/Tur_En_Realitons/Apd/Turkey_APD_2003.pdf Accessed 16 October 2019

  • Council of the EU (2019) Council conclusions on enlargement and stabilisation and association process. https://www.consilium.europa.eu/en/press/press-releases/2019/06/18/council-conclusions-on-enlargement-and-stabilisation-and-association-process/. Accessed 17 October 2019

  • Dal U (2019) Avrupa Birliği Genel Veri Koruma Tüzüğü’nün ülke dışı uygulama yetkisi ve bu yetkinin uluslararası hukukta meşruiyeti [The extraterritoriality of the GDPR outside the country and its legitimacy in international law]. Kişisel Verileri Koruma Dergisi 1(1): 21–33

    Google Scholar 

  • Däubler W (2018) Das Kollisionsrecht des neuen Datenschutzes [The conflict of laws of the new data protection]. RIW 7:405–412

    Google Scholar 

  • Demirkol B (2014) Sözleşmeye Uygulanacak Hukuk [The Law Applicable to the Contract]. Vedat, İstanbul

    Google Scholar 

  • Develioğlu M (2017) 6698 sayılı Kişisel Verilerin Korunması Kanunu ile Karşılaştırmalı Olarak Avrupa Birliği Genel Veri Koruma Tüzüğü Uyarınca Kişisel Verilerin Korunması Hukuku [Data Protection Law in Accordance with the GDPR and with a Comparison with the Law No. 6698 on the Protection of Personal Data]. On İki Levha, İstanbul

    Google Scholar 

  • Dülger M V (2019) Kişisel Verilerin Korunması Hukuku [The Law on the Protection of Personal Data]. Hukuk Akademisi, İstanbul

    Google Scholar 

  • Erkan M (2011) MÖHUK Madde 31 Bağlamında Türk Hukukunda Doğrudan Uygulanan Kurallara Bakış [Overview of the Overriding Mandatory Rules in Turkish Law in the Context of Article 31 of the Turkish Code on Private International Law]. Gazi Üniversitesi Hukuk Fakültesi Dergisi, 15(2):81–121

    Google Scholar 

  • European Commission (1998) “Regular Report From the Commission on Turkey’s Progress Towards Accession”, https://www.avrupa.info.tr/sites/default/files/2016-11/1998.pdf Accessed 16 October 2019

  • European Commission (2016) Commission Staff Working Document, “Turkey 2016 Report”. https://ec.europa.eu/neighbourhood-enlargement/sites/near/files/pdf/key_documents/2016/20161109_report_turkey.pdf Accessed 16 October 2019

  • European Commission (2018) Commission Staff Working Document, “Turkey 2018 Report”. https://ec.europa.eu/neighbourhood-enlargement/sites/near/files/20180417-turkey-report.pdf Accessed 16 October 2019

  • European Commission (2019) Commission Staff Working Document, “Turkey 2019 Report” https://ec.europa.eu/neighbourhood-enlargement/sites/near/files/20190529-turkey-report.pdf Accessed 16 October 2019

  • European Data Protection Board (2018) Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) – Version for public consultation 16.11.2018. https://edpb.europa.eu/our-work-tools/public-consultations/2018/guidelines-32018-territorial-scope-gdpr-article-3_en. Accessed 27 September 2019

  • European Parliament (2018) “Resolution of 4 July 2018 on the Commission recommendation for a Council decision authorising the opening of negotiations for an agreement between the European Union and Republic of Turkey on the exchange of personal data between European Union Agency for Law Enforcement Cooperation (Europol) and the Turkish competent authorities for fighting serious crimes and terrorism”. COM(2017)0799 – 2018/2061(INI) http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2018-0296 Accessed 16 October 2019

  • Kocasakal Özdemir H (2001) Doğrudan Uygulanan Kurallar ve Sözleşmeler Üzerindeki Etkileri [Overriding Mandatory Rules and its Effects on Contracts]. Galatasaray Üniversitesi, İstanbul

    Google Scholar 

  • Kocasakal Özdemir H (2010) Sözleşmelere Uygulanacak Hukukun MÖHUK m.24 Çerçevesinde Tespiti ve Üçüncü Devletin Doğrudan Uygulanan Kuralları [Determination of the Law Applicable to Contracts within the framework of Article 24 of the Turkish Code on Private International Law, and the Overriding Mandatory Rules of a Third State]. MHB 30(1–2):27-88

    Google Scholar 

  • Kösoğlu M (2008) Milletlerarası Özel Hukuk ve Usul Hukuku Hakkında Kanunun 31. Maddesi: Sözleşme ile Sıkı İlişkili Üçüncü Bir Devletin Doğrudan Uygulanan Kurallarına Etki Tanınması [Article 31 of the Code on Private International Law and International Civil Procedure: Giving Effect to the Overriding Mandatory Rules of a Third Country which is in Close Connection with the Contract]. MHB 28(1–2):147–172

    Google Scholar 

  • Küzeci E (2018) Kişisel Verilerin Korunması [Protection of Personal Data]. Turhan, Ankara

    Google Scholar 

  • Lüttringhaus J D (2018) Das internationale Datenprivatrecht: Baustein des Wirtschaftskollisionsrechts des 21. Jahrhunderts [International Privacy Law: Building Block of 21st Century’s Conflict of Laws]. Jahrhunderts, ZvglRWiss 117:50–82

    Google Scholar 

  • Nomer E (2017) Devletler Hususi Hukuku [Private International Law]. Beta, Istanbul

    Google Scholar 

  • Şanlı C, Esen E, Ataman Figanmeşe (2019) Milletlerarası Özel Hukuk [Private International Law]. Beta, Istanbul

    Google Scholar 

  • Sayıştay (2014) Sosyal Güvenlik Kurumu 2013 Yılı Sayıştay Denetim Raporu [Social Security Institution 2013 Court of Accounts Audit Report]. https://www.sayistay.gov.tr/tr/Upload/62643830/files/raporlar/kid/2013/Sosyal_Güvenlik_Kurumları/SOSYAL%20GÜVENLİK%20KURUMU.pdf. Accessed 16 October 2019

  • Taştan F G (2017) Türk Sözleşme Hukukunda Kişisel Verilerin Korunması [Protection of Personal Data in Turkish Contract Law]. On İki Levha, Istanbul

    Google Scholar 

  • TC Cumhurbaşkanlığı Devlet Denetleme Kurulu (2013) Denetleme Raporu: Kişisel Verilerin Korunmasına İlişkin Ulusal ve Uluslararası Durum Değerlendirmesi ile Bilgi Güvenliği ve Kişisel Verilerin Korunması Kapsamında Gerçekleştirilen Denetim Çalışmaları, Table of Contents and Conclusion available at http://www.ttb.org.tr/images/stories/file/2015/ddk_rapor.pdf. Accessed 16 October 2019

  • Tekinalp G, Uyanık A (2016) Milletlerarası Özel Hukuk Bağlama Kuralları [Conflict of Laws in Private International Law]. Vedat, Istanbul

    Google Scholar 

  • van Bochove L M (2014) Overriding mandatory rules as a vehicle for weaker party protection in European private international law. ELR 7:147–156

    Google Scholar 

  • Vural Çelenk B (2018) Üçüncü Ülkenin Doğrudan Uygulanan Kurallarının Haksız Fiiller Alanında Uygulanmasının MÖHUK Madde 31 ile Değerlendirilmesi [Evaluation of the Application of the Overriding Mandatory Rules of a Third Country in Tort Law, in accordance with Article 31 on the Turkish Code on Private International Law and International Civil Procedure]. In: Tarman Derya Z (ed) Genç Milletlerarası Özel Hukukçular Konferansı [Young Private International Law Scholars Conference]. On İki Levha, Istanbul, pp 205–243

    Google Scholar 

  • Wagner J, Benecke A (2016) National legislation within the framework of the GDPR. EDPL 2:353–361

    Google Scholar 

  • Yücedağ N (2017) Medeni Hukuk Açısından Kişisel Verilerin Korunması Kanunu’nun Uygulama Alanı ve Genel Uygunluk Sebepleri [Field of Application of the Law on the Protection of Personal Data within the Framework of Civil Law and Conditions for Lawfulness] İÜHFM 75(2):765–789

    Google Scholar 

  • Yücedağ N (2019) Kişisel verilerin korunması kanunu kapsamında genel ilkeler [General Principles within the Scope of the Law on the Protection of Personal Data]. Kişisel Verileri Koruma Dergisi 1(1):47–63

    Google Scholar 

Download references

Acknowledgements

I would like to thank my colleagues Nesli Şen Özçelik, Seda Palanduz, and Sercan Çavuşoğlu for their comments and suggestions to earlier drafts of the chapter. Needless to say, the responsibility for all mistakes remains mine alone.

Author information

Authors and Affiliations

  1. MEF University, Ayazağa Cad., No: 4, 34396, Maslak, Sarıyer, Istanbul, Turkey

    Başak Erdoğan

Authors
  1. Başak Erdoğan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Başak Erdoğan .

Editor information

Editors and Affiliations

  1. International and European Law, The Hague University of Applied Sciences, The Hague, The Netherlands

    Elif Kiesow Cortez

Rights and permissions

Reprints and permissions

Copyright information

© 2021 T.M.C. Asser Press and the authors

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Erdoğan, B. (2021). Data Protection Around the World: Turkey. In: Kiesow Cortez, E. (eds) Data Protection Around the World. Information Technology and Law Series, vol 33. T.M.C. Asser Press, The Hague. https://doi.org/10.1007/978-94-6265-407-5_9

Download citation

  • DOI: https://doi.org/10.1007/978-94-6265-407-5_9

  • Published:

  • Publisher Name: T.M.C. Asser Press, The Hague

  • Print ISBN: 978-94-6265-406-8

  • Online ISBN: 978-94-6265-407-5

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation