Regulation on Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Sector was Published
The Regulation on Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Sector (“Regulation”) which stipulates procedures and principles for the processing of personal data and protection of confidentiality in the electronic communications sector, in order to provide the privacy of private life and the personal fundamental rights and freedoms, was published in the Official Gazette dated 04.12.2020 and numbered 31324. This Regulation enters into force six months after its publication.
Pursuant to the Regulation, companies that provide electronic communication services and/or networks and operate their infrastructure within the framework of authorization (“Operator”) are obliged to,
- take all kinds of technical and administrative measures which their minimum conditions are specified under the Regulation, by considering technological possibilities at a level appropriate to possible risks;
- keep records of transactions regarding access to personal data and other related systems for two years;
- report risks and personal data breaches to relevant subscribers/users as soon as possible;
- obtain explicit consent under the conditions specified under the Regulation in cases where explicit consent is required; and
- provide various opportunities and rights to subscribers/users.
In case the Operators do not fulfill these obligations, the provisions of the Information Technologies and Communication Authority Administrative Sanctions Regulation published in the Official Gazette dated 15.02.2014 and numbered 28914 shall apply.
- Please find the Turkish version of the Regulation here.
All rights of this article are reserved. This article may not be used, reproduced, copied, published, distributed, or otherwise disseminated without quotation or Erdem & Erdem Law Firm's written consent. Any content created without citing the resource or Erdem & Erdem Law Firm’s written consent is regularly tracked, and legal action will be taken in case of violation.
Other Contents
With the decision of the Personal Data Protection Board (Board) dated 06.07.2023 and numbered 2023/1154, the “annual financial balance sheet total” adopted by the Board as an exception criteria to the obligation to register to the Data Controllers’ Registry has been increased from 25 million Turkish Liras to...
The decision by the Irish Data Protection Authority (Authority) dated 12.05.2023 on Meta Platforms Ireland Limited (Meta Ireland) (Decision) has been announced on 22.05.2023. Pursuant to the Decision, an administrative fine of 1.200.000.000 Euros was imposed on Meta Ireland...
The Regulation on the Collection, Storage and Sharing of Insurance Data (Regulation) entered into force through publication in the Official Gazette dated 18.10.2022 and numbered 31987. Some of the important provisions introduced by the Regulation are summarized...
On 05.08.2022, the Personal Data Protection Authority (“Authority”), published Guideline on Banking Sector Good Practices Regarding the Personal Data Protection (“Guideline”). The purpose of the Guideline is guiding data controller banks regarding the personal data processing activities carried out...
On 14.07.2022, the European Parliament Research Service published a briefing (“Briefing”) for the impact assessment (“IA”) of the regulation of the European Parliament and the European Council on harmonised rules on fair access to and use of data (“Data Act”), submitted on 23.02.2022...
The Regulation on Processing of Land Registry and Cadastre Data and Transactions Held in Electronic Environment regulating the procedure and principles regarding the process of the data in the Central Database of the General Directorate of Land Registry and the transactions held in electronic...
The Regulation on Process and Protection of Personal Data by the Social Security Institution (“Regulation”) entered into force through its publication in the Official Gazette dated 19.02.2022 and numbered 31755.
The Personal Data Protection Board Ex-Officio Initiated An Investigation against WhatsApp
The Personal Data Protection Authority’s New Resolution
The Board’s Decision Regarding Registration Obligation of Commercial Enterprises Affiliated to Associations, Foundations and Unions to the VERBIS has been Published
The Personal Data Protection Board Announced Its Decision Regarding the WhatsApp Investigation Initiated Ex-Officio