On 15 January, 2021, the Turkish Data Protection Board
("
Board") published its principle
decision concerning the unlawful transmission of personal data to
third parties through various electronic communication
channels.
Following complaints and notifications submitted to the Turkish
Personal Data Protection Authority
("
Authority"), the Board evaluated the
issue of data controllers transmitting documents containing
personal data (such as invoices, receipts, reservation documents)
to incorrect parties due to incorrect or misleading contact
information. The Board also noted that such examples mostly
occurred in industries such as e-commerce, transportation,
telecommunications and tourism.
The decision makes reference to the general provisions
prescribed in Article 4 of the Turkish Data Protection Law