2016

"Turkey 's new ""Law on the Protection of Personal Data"" has entered into effect, effective October 7, 2016. The Data Protection Law adopts a broadly European model for data protection and helps clarify key aspects of the regulation of personal data under Turkish law. The following rules and standards were effective on October 7, 2016:

- Individuals ' rights of access to personal data, including the obligation to notify individuals of their rights.

- Processes for handling individuals ' complaints and requests.

- Transfer of personal data to third parties and foreign jurisdictions.

- Registration with the Data Protection Authority.

- Imposition of sanctions, including criminal and administrative fines."

After a decade of winding its way through the legislative process, Turkey 's new Data Protection Law entered into force on April 7. Although Turkey previously had a few sectoral data protection laws on the books, this is the first time the country has had an omnibus data protection law. There are many questions about the law, including which information is deemed within the scope of the personal data? What are the principles of data processing? What are the Conditions for Data Processing without Consent? What are the Obligations Related to Data Safety? And what are the Crimes and Misdemeanors for Violation of the Law?

"Attorney General, George Brandis says he will move to make it a criminal offence to publish or disseminate ""reidentified"" government datasets, in a move that digital rights groups say could criminalise important research and security work. He added, ""With advances of technology, methods that were sufficient to de-identify data in the past may become susceptible to reidentification in the future,"" he said.

The chair of Digital Rights Watch, Tim Singleton urged Brandis to consult broadly with privacy groups to examine how the legislation would be introduced.

Brandis said the legislation would be introduced in parliament 's spring sitting to amend the privacy laws."