Turkish data protection law: GDPR alignment and key 2024 amendment
Abstract
The Turkish Personal Data Protection Act (PDPA) came into force in 2016. Since then, expectations and discussions regarding the harmonisation of the PDPA with the General Data Protection Regulation (GDPR) have been on the agenda. The 2024 amendment to three articles of the PDPA can be seen as a first step towards this. In this regard, there is now a new regime for the transfer of personal data abroad in Türkiye. The amendment changed the scope of adequacy decisions, explicitly recognised binding corporate rules, and introduced standard contracts (standard contractual clauses [SCCs]) for the first time. This is a remarkable step towards alignment with the GDPR; however, significant differences remain, particularly in respect of data transfers based on the explicit consent of data subjects. According to the new provision of the PDPA, data transfers based on consent may only take place in incidental cases. There are a few other differences, including the absence of a docking clause in the standard contracts. More importantly, compliance with the GDPR cannot be achieved by amending only one or a few provisions. In assessing the new regime for transfers abroad, it is necessary to consider the provisions of the PDPA as a whole. This paper examines the revised data transfer regime in Türkiye in comparison to the GDPR and identifies the key issues related to this. This paper is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
The full article is available to subscribers to the journal.
Author's Biography
Elif Küzeci Dr Elif Küzeci is an Associate Professor of Public Law at Bilkent University, Ankara, Türkiye. She received her PhD in public law from Ankara University in 2010 with a dissertation on data protection. She teaches Data Protection Law, IT Law, Philosophy of Law and Theory of State. In 2016, she was invited as an expert to the Parliamentary Commission of the Turkish General Assembly on the Personal Data Protection Act. Elif is currently an Associate Editor of the International Data Privacy Law Journal (IDPL). She is the former Chair of the Internet Society — Türkiye Chapter (ISOC-TR). Elif is the author of three books: Human Rights and Public Freedoms (Turhan Publishers, Ankara, 8th edition, 2019; co-author with Prof. Ahmet Mumcu), Personal Data Protection (On İki Levha Publishers, Istanbul, 4th edn, 2020) and Digital Elephant: An Investigation into the Intersection of Information Technology, Government and Law (Inkilap Publishers, Istanbul, 2021). She has published several articles and book chapters in both Turkish and English.
