Data Protection in Turkey
1.LEGAL FRAMEWORK: Although there is no special act regulating data protection in Turkey, there are specific provisions concerning data protection in several acts or secondary legislation, some of them are mentioned below:
TAX PROCEDURE LAW (Law No 213): There is a special provision to prevent access on the data and documents on tax confidence, except for expressly entitled authorities by law, in Article 5 of Tax Procedure Law.
TURKISH PENAL CODE (Law No 5237): Unlawful recording, disseminating, sharing with third parties of personal data is penalized by the articles 135-140 of Turkish Penal Code No 5237.
SOCIAL SECURITIES AND GENERAL HEALTH INSURANCE LAW (Law No 551)
In Article 78 of Social Securities and General Health Insurance Law No 5510, it is stated that data regarding to health of assured person and his or her dependants’ are confidental and protection of these data should be designated by Ministry of Labour and Social Security.
GUIDELINE FOR CONFIDENTIALITY OF CANCER RECORD UNITS: In this Guideline of Ministry of Health, the rules are stipulated for protection of data occurred in the activities of Cancer Record Units.
2. DRAFT LAW ON DATA PROTECTION: Preparations for the draft law for harmonisation are at the final stage. Draft Law on Data Protection was drafted by Ministry of Justice and sent to Office of Prime Minister in 9/11/2005. With the Draft Law, where all personal data on an identified or identifiable individual is undergoing automatic processing, the following issues will be regulated; respect for and protection of rights and fundamental freedoms, in particular the right to privacy; ensuring that the data stored is obtained and processed fairly and lawfully, for specified and legitimate purposes and not used in a way incompatible with those purposes, is adequate, relevant and not excessive in relation to the purposes for which it is stored, is accurate and up-to-date, and where necessary corrected or erased; safeguarding personal data revealing racial origin, political opinions or religious or other beliefs, as well as personal data concerning health or sexual life; recognition of the right to be informed on and access to one’s own personal data. The Draft Law foresees the establishment of a Supervisory Authority (Personal Data Protection Institution), the Higher Board on Personal Data Protection and its administrative units.
2.2 NATIONAL PROGRAMME (for the Adoption of the Acquis)
1- Being a signatory to the “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data” (Strasbourg, 28 January 1981), and,
2- Alignment with the EU Acquis on Personal Data Protection by adopting the principles (“Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data” and “Commission Decision No 95/46/EC of 15 June 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC”) into national law by the “Law on Personal Data Protection”, are declared “Priority 24.9 Alignment with the EU Acquis on Personal Data Protection” in the National Programme.
Also see: Ordinance on Personal Information Processing and Protection of Privacy in The Telecommunications Sector