Open menu
07December2020

Regulation on Protection of Personal Data in Electronic Communications Sector Has Been Published

Regulation on Protection of Personal Data in Electronic Communications Sector Has Been Published

The Regulation on the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector ("Regulation") was published in the Official Gazette dated 4.12.2020 with no. 31324. The Regulation regulated within the scope of Electronic Communications Law Numbered 5809 ("Law"), and sets forth the terms and conditions to be followed by the operators who operate in the electronic communications sector in terms of the data they obtain within the scope of providing electronic communications services, including legal person subscriptions.

The regulation covers companies that provide electronic communication services and/or provide electronic communication networks and operate their infrastructure within the framework of authorization ("Operator"). The featured statements in the Regulation are as follows:

1. Principles

  • In the Regulation, the principles included in the Personal Data Protection Law numbered 6698 ("KVKK") are adopted for the privacy and protection of personal data.
  • It is essential not to take traffic and location data related to electronic communication abroad for national security purposes.

2. Measures to be Taken for Security and Notification of Risk and Violations

  • In order to ensure the security of personal data, all kinds of technical and administrative measures required in accordance with the measures stipulated in KVKK and the Law, and national and international standards will be taken with the risk-based approach.
  • When deemed necessary, the Information Technologies and Communication Authority may request information and documents from the operators regarding the security measures taken, impose administrative sanctions and request changes in the said security measures.
  • Operators will keep transaction records regarding the access to data-related systems and personal data for 2 years.
  • Operators will be responsible for compliance with the Regulation, confidentiality, security, integrity, accessibility of data and purpose limitation of data processing.
  • When there is a risk threatening the security of the service, the relevant subscriber users will be informed; in case of a personal data breach, the breach in question will be notified to the Personal Data Protection Authority and the relevant subscriber/users as soon as possible, by providing the conditions stipulated in KVKK. You can find the conditions of KVKK on relevant issue here.

3. Conditions of Explicit Consent

  • In cases where explicit consent is required, explicit consent will be obtained prior to the transaction and will be limited to a specific issue.
  • Consent will not be subject to a precondition such as the provision of the service and it will be ensured to be freely given.
  • Clear and understandable information about the type of personal data to be processed and the types of traffic and location data, its scope, the purpose and duration of processing will be given to the data subject before obtaining the consent, in the text using characters of at least 12 font size.
  • After the notification, the declaration of the subscriber/user as "yes/approval/acceptance" can be received in written or electronic environment. This approval cannot be combined with a declaration of intent for a different transaction, such as the agreement or acceptance of the service.
  • These explicit consent records will be kept at least during the subscription period.
  • Information obligation will be fulfilled with the conditions in KVKK.
  • Subscribers/users will always be able to withdraw their explicit consent free of charge, using the same or a simpler method.
  • Operators will inform subscribers /users that their data has been processed within the scope of their explicit consent, in the third quarter of each year. Otherwise, data processing activities within the scope of explicit consent previously given will be stopped until the notification is made.

4. Administrative Fines and Sanctions

In case the operators do not fulfill the obligations determined by the Regulation, the provisions of the Regulation Information Technologies and Communication Authority Administrative Sanctions will be applied.

5. Force

The Regulation will enter into force on 4.06.2021, six months after its publication.

You can find the full text of the Regulation here (in Turkish).

You can contact us for support and further information.

Author CottGroup Hukuk ve Mevzuat Ekibi, Category Personal Data Protection Law

  • Bordromat

  • Notification!

    Contents provided in this article serve to informative purpose only. The article is confidential and property of CottGroup® and all of its affiliated legal entities. Quoting any of the contents without credit being given to the source is strictly prohibited. Regardless of having all the precautions and importance put in the preparation of this article, CottGroup® and its member companies cannot be held liable of the application or interpretation of the information provided. It is strictly advised to consult a professional for the application of the above-mentioned subject.

    For each concrete situation, it is strongly advised to seek guidance from a professional advisor. If you are a customer of ours, please consult with your customer representative before taking any action related to the announcement. If you are not a customer, seek advice from an expert.

About The Author

/tr/mevzuat/item/elektronik-haberlesme-kisisel-verilerin-korunmasina-iliskin-yonetmelik

Other Legislation

Bu web sitesi çerez kullanıyor.

Bu internet sitesinde, kullanıcı deneyimini geliştirmek, verimli çalışmasını sağlamak ve istatistiki verileri takip etmek için çerezler kullanılmaktadır. Sitemizi kullanarak çerezleri kabul etmiş olursunuz. Çerezleri nasıl kullandığımız ile ilgili detaylı bilgi için lütfen Çerezler (Cookies) sayfasını okuyunuz. Bu seçim 30 gün süreyle ya da tarayıcınızdaki çerezleri siz silene kadar geçerlidir.

Çerez Tercihleri Cookie Preferences

Çerezleri Ayarla

Çerezler, web sitelerinin kullanıcı deneyimini daha verimli hale getirmek için kullanabileceği küçük metinlerdir. Kanun, bu sitenin işleyişi için kesinlikle gerekli olan çerezlerin cihazınıza saklanabileceğini belirtir. Diğer tüm çerez türleri için izninize ihtiyacımız var. Bu site, çeşitli türde çerezler kullanmaktadır. Bazı çerezler, sayfalarımızda görünen üçüncü taraf hizmetler tarafından yerleştirilir.

Verdiğiniz izinler aşağıda yer alan web siteleri için geçerlidir:

  • www.cottgroup.com

    • Web sitemizin temel fonksiyonları için kesinlikle gerekli olan çerezlerdir ve bu çerezler olmadan site düzgün bir şekilde çalışmaz.

    Web sitemizin nasıl kullanıldığını anlamamıza ve ziyaretçi etkileşimlerini analiz ederek hizmetlerimizi geliştirmemize yardımcı olan çerezlerdir.

    Kullanıcı tercihlerinizi hatırlayarak, daha kişiselleştirilmiş bir deneyim sunmamızı sağlayan çerezlerdir.

    İlgi alanlarınıza göre kişiselleştirilmiş reklamlar sunmak ve pazarlama kampanyalarımızın etkinliğini ölçmek için kullanılan çerezlerdir.