First published by Bloomberg BNA in the World Data Protection Report, 16 WDPR 02, 2/25/16
Although it sounds so, the right to be forgotten is not new. Rather, this right is simply another dimension to applying personal data protection rules to the modern world, with the prevalence of the internet and other digital technologies.
The Draft Law on the Protection of Personal Data (Draft) began its long running enactment process in Turkey in 2008. However, recent developments saw the Draft being sent to the sub-commission Jan. 27. While the Draft legislation remains sitting on parliament’s agenda, a Turkish court recently accepted the existence of the Right to be Forgotten for the first time.1
In a recently published decision, the General Assembly of Civil Chambers (Assembly) examines, interprets and for the first time acknowledges, the right to be forgotten under Turkish law. The Assembly held that the right includes digital data, as well as non-digital personal data which is kept in publicly accessible mediums. The digital aspect of this decision adopts and applies a similar scope as was granted by the Court of Justice of the European Union in its Google Spain decision.
Sexual Assault Case
The main issue of the dispute arose around the plaintiff’s request for non-pecuniary compensation when her name was used in a legal text book, cited in relation to a sexual assault decision. The plaintiff was a victim of sexual assault and the assailant was found guilty in a criminal case. During the hearings, the plaintiff/victim gave explicit descriptions of the assault, which were included in the decision’s text. After the proceedings, an academic book was published, containing certain decisions by the Court of Appeal, including the plaintiff’s case. The names of the claimant/victim and assailant were not censored. Accordingly, the plaintiff initiated the case at hand, seeking non-pecuniary damages for violation of her personal rights.
The plaintiff argued that her personal rights have been violated. She argued that since her name was published again in relation to the assault, four years after the incident, she will have to go through psychological trauma once again and her honour has become debatable. The defendants argued along the lines of freedom of science and research, claiming that freedom of expression
The defendant appealed the decision to the Court of Appeal, which ruled for the first time on the right to be forgotten. The Court of Appeal determined the main issue of the dispute as the fair balancing of personal rights against scientific freedom and freedom of research. The Court of Appeal specifically considered Article 13 of the Charter of Fundamental Rights of the European Union, which states that ‘‘The arts and scientific research shall be free of constraint. Academic freedom shall be respected.’’ Article 13 is reflected in the Turkish Constitution in Article 27, which ensures freedom of science as a personal right. The Court of Appeal acknowledged that even academic freedom is not boundless.
Considering the specific circumstances of the case, the Court of Appeal held that academic freedom should be preferred over personal rights in this dispute. Therefore, the Court of Appeal ruled that no infringement of personal rights had occurred and the first instance court should re-hear the matter. should prevail. However, the first instance court ruled that from the academic and scientific aspect, revealing the victim’s name would not benefit the book academically. As a result, the court accepted the plaintiff’s case, also taking into account the sensibility of the incident and the structure and values of Turkish society.
However, the first instance court insisted on its previous ruling, meaning the case was referred to the Assembly. In its decision, the Assembly also noted the necessity of creating a fair balance between academic or artistic freedom and fundamental personal rights. The Assembly examined the concepts of personal data, the right to privacy, scientific freedom and the right to be forgotten in line with the Constitution, EU directives and with a modern understanding of the concepts. According to Turkish Civil Code, infringements on personal rights are unlawful. Exceptions include restrictions for the elderly, public rights or where authorization is given by law.
The Assembly defines personal data as any information relating to a specific or specifiable real or legal person, including the following examples: ‘‘identity information, economic and digital information, nationality, expressions and ideas, ethnicity, political views, philosophical beliefs, religion, religious sect or other beliefs, memberships of associations, foundations and unions, health information, photographs, finger print, health data, phone messages, phonebook or posts, photos, audio or visual records shared on social media of a person.’’
According to the Assembly, the main purpose of personal data protection is to protect individuals’ privacy. Personal data protection is essential for a person to freely regulate his life in a modern democratic state of law. As per the Assembly’s decision, this same purpose lies beneath the right to be forgotten. Both aim to allow a person freely manage his personal data, plan and shape his future without the obstacles from the past, as well as ensure the right to privacy. Personal freedom is crucial for a healthy and well-developed society.
Right to Be Forgotten Defined
In general, the Assembly defined the right to be forgotten as the right to request deletion or prevention of further spread of personal data, which is not desired to be known by others, as well as the right to request that unpleasant events stored in digital memory be forgotten.
According to the Assembly, the right to be forgotten gives an individual the right to request deletion of certain matters, as well as requires the publisher to take necessary measures to prevent the information spreading or being used by third parties in different mediums. The Assembly adopted and applied the same scope for the digital aspects of the right to be forgotten as was determined by the Court of Justice of the European Union in the Google Spain decision.
However, the Assembly took the right to be forgotten a step further than Google Spain. It also held that the right to be forgotten applies to non-digital personal data stored in mediums which are easily accessible by the public.
Accordingly, the Assembly held that academic publications should not expose personal data unless it is in the public’s best interests, due to being of great public importance or high interest. It held that the case at hand failed to meet this threshold and accordingly the plaintiff is entitled to non-pecuniary damages.
The Assembly’s decision is the first decision in Turkish practice that acknowledges the right to be forgotten. It is also the first decision to address the topic with respect specifically to personal data and related human rights.
Data protection norms, mechanisms or at least strong practices are necessary in Turkey where increasing Internet use and digital networks allowed third parties to easily acquire personal data. In this environment, the information and data voluntarily shared on social media is easily accessed and personal data is regularly shared with e-commerce web-sites, shopping websites, banks and professional associations. Therefore, protection of personal data and the right to be forgotten are of utmost importance.
The Assembly’s decision gives a broad understanding, definitions and interpretations of personal data and the right to be forgotten. The decision will be influential in beginning to building strong practices to protect individuals.