TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Simge Yüce and Yiğit Aktimur, YAZICIOGLU Legal
data is violated may file a lawsuit before civil courts, per the TCiC. General provisions of the Turkish Code of Obli - gation (TCO) may also apply in cases of breach of an obligation, particularly regarding liability for damages and compensation for harm caused by violating contractual or non-contractual obliga - tions. Per the TCiC and the TCO, data subjects can not only seek compensation but also ask courts to: • prevent a threatened infringement; and/or • cease an existing infringement; and/or • make a declaration that an infringement is unlawful. Other There are also sector-specific regulations gov - erning the processing of personal data in areas such as telecommunications, banking, elec - tronic payment, health, and education ( 5.3 Data Localisation Requirements ). It is important to consider these legislations, as the DP Law specifies that provisions in other laws regarding the deletion, destruction, anonymisa - tion, or transfer of personal data are reserved. 1.2 Regulators The primary supervisory and regulatory author - ity in Türkiye is the DPA. It is an independent administrative institution with administrative and financial autonomy. The DPA is empowered to regulate data pro - tection activities and safeguard data subjects’ rights. Some of the primary duties and powers of the DPA are as follows:
• conducting investigations and taking tempo - rary measures, where necessary; • concluding the complaints of those who claim that their rights concerning personal data pro - tection have been violated; • maintaining the Registry of Controllers (“VER - BIS”); • imposing administrative sanctions provided in the DP Law; • determining and announcing those countries with adequate levels of protection of personal data for the purpose of international data transfers; and • approving the written undertaking of control - lers in Türkiye, as well as the Binding Corpo - rate Rules (BCR) and the transfers based on the existence of an agreement between pub - lic institutions in Türkiye and abroad that does not qualify as an international convention; for the purpose of international data transfers. The Ministry of Trade is authorised to oversee marketing communications (see 4.2 Personal- ised Advertising and Other Online Marketing Practices ). Apart from the above, sector-specific adminis - trative institutions such as the Banking Regula - tion and Supervision Agency (BRSA), the Capi - tal Markets Board, the Turkish Republic Central Bank, and the Information and Communication Technologies Authority (ICTA) have the author - ity to regulate issues regarding the processing of personal data within their respective sectors. 1.3 Enforcement Proceedings and Fines The DPA may initiate investigations upon receiv - ing a complaint from a data subject or ex officio if it becomes aware of the alleged violation.
477 CHAMBERS.COM
Powered by FlippingBook