Turkey

Summary

Law: Law on Protection of Personal Data No. 6698 (as amended by the Regulation on Procedures and Principles Regarding the Cross-border Transfer of Personal Data (only available in Turkish here) (the Regulation)) (the Law, as amended)

Regulator: Personal Data Protection Authority (KVKK)

Summary: The Law, as amended received Presidential approval and entered into force on April 7, 2016. Its final text was published in the Official Gazette, Number 29677 on the same date. The Law is the first general data protection law in Turkey and is largely based on the former European Data Protection Directive (Directive 95/46/EC).

The Law, as amended establishes the KVKK and the Data Protection Board as the supervisory authorities responsible for its enforcement. The KVKK mostly serves an administrative role, while the Board is the decision-making organ within the KVKK. The KVKK was established as an independent regulatory authority with institutional and financial autonomy and is responsible for ensuring personal data protection and raising awareness in this respect.

Secondary legislation introduced in Turkey in the form of regulations and communications has led to a development similar to the changes in the EU brought about by the GDPR. There are several areas in which the GDPR and the Law bear a strong similarity, including, for instance, their material scope. The Regulation details the new era regarding cross-border data transfers brought by the amendments to the Law, as amended entered into force on June 1, 2024.

Browse more content in Turkey

All Guidance Notes

All News

All Insights

News

11 November 2024

Turkey: KVKK publishes an information note on chatbots

29 October 2024

Turkey: KVKK launches online notification module for international data transfers

22 October 2024

Turkey: KVKK reports a data breach at Lokman Hekim Üniversitesi affecting 2,308 individuals' personal data

10 October 2024

Turkey: KVKK announces Kilis 7 Aralık Üniversitesi data breach

17 September 2024

Turkey: KVKK provides information on alleged data breach during COVID-19

17 September 2024

Turkey: National Cyber Security Strategy and Action Plan published in Official Gazette

17 September 2024

Turkey: Strategy and Budget Presidency publishes 2025-2027 Medium Term Program

11 September 2024

Turkey: KVKK announces İncirli Sağlık ve Sosyal Tesisler data breach

29 August 2024

Turkey: KVKK signs cooperation protocol with Ministry of Trade

27 August 2024

Turkey: KVKK issues announcement on processing personal data via random digit dialing for statistical research

23 August 2024

Turkey: KVKK issues general recommendations for processing personal data with AI

06 August 2024

Turkey: KVKK issues an information note regarding condition for personal data processing as explicitly provided by law

Insights

November 2024

Turkey: Amendments to the data protection law and changes to data transfers

The Personal Data Protection Law No. 6698 (the Law) is the main piece of legislation concerning the protection of personal data in Turkey, which covers the processing of personal data belonging to identified or identifiable individuals and governs the obligations imposed on individuals or legal entities processing such personal data. Deniz Tuncel, Partner at Hergüner Bilgen Üçer, looks at recent amendments to the Law and their impact on data transfers.

April 2024

Turkey: A comprehensive guide to the amendments to the personal data protection law

In pursuit of a longstanding governmental objective to converge with EU legislation, notably the General Data Protection Regulation (GDPR), substantial revisions have been made to the Personal Data Protection Law No. 6698 (the Law). Published in the Official Gazette in March 2024, these amendments represent a concerted effort to align the Law with the GDPR principles, particularly focusing on addressing specific contentious issues. Yücel Hamzaoğlu, Partner at Hamzaoğlu Hamzaoğlu Kınıkoğlu Attorney Partnership, takes a look at the amendments and their impact on the current provisions.

April 2024

Turkey: The evolving approach to AI governance

Artificial intelligence (AI) is rapidly transforming various sectors globally, and Turkey is no exception. As the adoption of AI technologies accelerates, governments worldwide are addressing the need for comprehensive regulations to ensure ethical and responsible AI development and deployment. Yücel Hamzaoğlu and Melike Hamzaoğlu, from Hamzaoğlu Hamzaoğlu Kınıkoğlu Attorney Partnership, delve into the current state of AI regulation in Turkey, examining guidelines, existing legislation, and the influence of the EU AI Act.

March 2024

Turkey: The KVKK's guidance on recommendations for protecting privacy in mobile applications

On December 22, 2023, the Turkish Personal Data Protection Authority (KVKK) published the Guidelines on the Protection of Privacy in Mobile Applications (the Guidelines) to address the existing and potential risks regarding the protection of privacy in mobile applications and to provide general recommendations to data subjects and data controllers. Melis Mert, of BTS & Partners, provides an overview of the key takeaways and enforceability of the Guidelines.

November 2023

Turkey: KVKK publishes guidelines on considerations when processing genetic data

The Turkish Personal Data Protection Authority (KVKK) published its guidance on the processing of genetic data in October 2023 in the Guidelines on Matters to be Considered in the Processing of Genetic Data (Genetic Data Guidelines). In this Insight article, Melis Mert, from BTS & Partners, explores the highlights and key takeaways of these guidelines.

September 2022

Turkey: The role of data controller representatives - What you need to know

Law on Protection of Personal Data No. 6698 ('the Law') introduced a significant number of responsibilities for domestic and foreign data controllers, among which the appointment of a data controller representative ('DCR'). Can Sözer, Berfu Öztoprak, and Ecenur Etiler, from Esin Attorney Partnership, discuss the role of DCRs and compare it to that of contact persons and data protection officers ('DPOs').

September 2022

Turkey: The Commercial Electronic Message Management System in a nutshell

In Turkey, rules regarding commercial communications are governed under Law No. 6563 of 2014 on the Regulation of Electronic Commerce ('the E-Commerce Law') and the Regulation on Commercial Communications and Electronic Commercial Messages 2015 ('the Regulation on Commercial Communication'). In 2020, with the amendments made under the Regulation on Commercial Communication, Turkish legislators introduced the Commercial Electronic Message Management System ('İYS'). Can Sözer, Berfu Öztoprak, Ecem Elver, and Ecenur Etiler, from Esin Attorney Partnership, provides an overview of the İYS, including which data companies need to submit to it and details regarding the registration procedure.

August 2022

Turkey: Loyalty programs - how to process personal data

On 16 June 2022, the Personal Data Protection Authority ('KVKK') published the draft guidelines on examination of loyalty programs within the scope of the Personal Data Protection Law No. 6698 ('the Law') on its official website for public consultation, with the KVKK accepting opinions on the draft guidelines from stakeholders up until 16 July 2022. Melis Mert and Büşra Haltaş, from BTS&Partners, provide a summary of the key points presented by the KVKK in the draft guidelines.

July 2022

Turkey: Guidelines on cookies applications - What you need to know

The increasing use of the internet has amplified the importance of online tools in our daily lives. This trend has assigned great significance to the use of cookies and introduced legal and technical regulations worldwide. İlay Yılmaz, Can Sözer, Berfu Öztoprak, and Aybüke Gündel Solak, from Esin Attorney Partnership, discuss cookies, principles for data processing through cookies, as well as different trends and frameworks regulating their use in Turkey.

May 2022

Turkey: An introduction to the Turkish Institute of Health Data Research and Artificial Intelligence Applications

On 12 December 2019, the Turkish Institute of Health Data Research and Artificial Intelligence Applications ('the Institute') was established under the Presidency of Turkish Health Institutes, one of the institutions of the Ministry of Health. Melis Mert and Miray Muratoğluc, from BTS & Partners, discuss the background to the Institute, as well as to the health and artificial intelligence ('AI') in Turkey.

February 2022

Turkey: Recent developments on the processing of personal data via cookies

On 11 January 2022, the Personal Data Protection Authority ('KVKK') published its draft guidelines on cookie applications¹ ('the Draft Guidelines') for public consultation, which covers cookies placed on the devices of data subjects and relevant privacy-related obligations. Melis Mert and Kaan İlısu, from BTS & Partners, provide an overview of the Draft Guidelines for data controllers who process personal data via cookies and are subject to the Law.

January 2022

Turkey: KVKK recommendations on AI

Artificial intelligence ('AI') is a concept that is progressively becoming more important in our daily lives and in most industries. Although its most prominent aim is to make our lives easier, data privacy concerns surrounding AI raise questions for regulators and individuals. AI's swift emergence and development in most markets and industries demands a more rigorous approach to establishing guidelines for it. İlay Yılmaz, Can Sözer, Yigit Acar, and Ecenur Etiler, from Esin Attorney Partnership, discuss the emergence of various guidelines, ethical rules, and recommendations on AI practices from the EU and Turkey.

Turkey

Summary

Browse more content in Turkey

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us