What does this cover?

A revised version of Turkey's Draft Data Protection Bill (the Draft Bill), first proposed in 2014, has been presented to the Turkish Grand National General Assembly (the Assembly). A number of important changes have been incorporated into the revised Draft Bill, dated 18 January 2016.

The changes relate to provisions dealing with:

  • the definition of 'explicit consent';
  • the definition of 'sensitive data';
  • the composition and role of the Data Protection Authority;
  • processing exclusions;
  • the treatment of 'state secrets';
  • the role of data protection officer; and
  • international data transfers.

The Assembly met on 17 February to discuss the Draft Bill. The next stage of the legislative process will involve the Assembly voting on the individual articles of the Draft Bill. Prime Minister Ahmet Davutoğlu's Action Plan 2016 indicates that data protection legislation will be enacted by March 2016; however, the timeline for the process has not been confirmed.

To view the 2016 Draft Bill, please click here (Turkish).

What action could be taken to manage risks that may arise from this development?

Organisations operating in Turkey should continue to monitor the progress of the Draft Bill and take advice from local legal counsel in Turkey regarding changes that will need to be made in order to comply with the provisions of the law when it comes into force.