Companies and individuals may face difficulties in determining which one of the definitions they fall under and whether they or the ones they are working with have data protection responsibility. Interaction between these two concepts is of paramount importance, as it imposes obligations in terms of liability. This piece aims to inform companies involved in the processing of personal data to be able to determine whether they are or the third parties they work with are acting as a data controller and/or as a data processor under Turkish data protection legislation.
Turkey’s first and only law specifically dedicated to data protection and privacy, the Law No. 6698 on Protection of Personal Data (“Law No. 6698”), came into force on April 7, 2016 with certain transition periods. The Data Protection Board has been formed, but is not yet functioning. The secondary legislation is still pending, although certain sector-specific regulations have been put in place, and is expected to be completed by April 7, 2017.
An alternative dispute resolution method is expected to be introduced in Turkey shortly through the Draft Law on Labor Courts (“Draft Law”). The purpose of the Draft Law is to bring a functional and an effective judicial procedure for labor conflicts via mandatory mediation and to replace the current regulations.
Turkey’s main regulation regarding advertisements, the Regulation on Commercial Advertisement and Unfair Commercial Practices (“Regulation”) was amended with another regulation published on the Official Gazette of 4 January 2017, effective immediately. Those who advertise their products and services, advertisement agencies and the media that publishes such advertisement should abide by the Regulation.
Overall, this was a more active year for FCPA enforcement actions when compared to 2015. This year, Department of Justice (“DOJ”) took a total of 10 enforcement actions and Securities and Exchange Commission (“SEC”) took a total of 25 enforcement actions. Like last year, SEC is more active than DOJ, in terms of numbers of the enforcement actions. Of the 10 enforcement actions taken by DOJ, only 1 of them was related to a real person. Of the 25 SEC enforcement actions 4 of them were related real persons.
Transparency International (“TI”) has published its regional Corruption Barometer for Europe and Central Asia1 (“Report”) on 16 November 2016. According to the findings of the Report, one third of the citizens of the region perceive corruption as one of the biggest three challenges facing their country.
On October 8th 2016, the General Communiqué on National Estate No. 373 (“Communiqué”) has been published on the Official Gazette. The Communiqué governs principles regarding easement right and/or right of usage to be granted to financers for them to construct marinas, landing stages, piers and berths on state-owned or treasury lands.
Law 6698 on the Protection of Personal Data came into force on April 7 2016 and applies to:
- real persons whose personal data is processed; and
- real persons and legal entities that process personal data.
Therefore, defining the actions and main actors involved in the processing of personal data is key to understanding the law's general scope.
In The Corner Office, we invite Managing Partners at law firms from across the region to share information about the strategies they employ to keep their teams motivated, effective, and focused. For this issue, we asked them to reveal what sorts of firm retreats and activities they host and/or organize for their lawyers.