Feburary 2021 – In January, the most
remarkable announcement of the Turkish Data Protection Board (the
Board ) was in relation to the new
privacy policy of the messaging and VoIP platform WhatsApp. Another
important development was the Board s principle decision
regarding the personal data of third parties illegally provided by
data subjects. The Board also celebrated European Data Protection
Day on 28 January 2021 with a conference.
The Board initiates an investigation against WhatsApp
WhatsApp, Inc. a subsidiary of Facebook recently
announced an update to its privacy policy whereby the use of the
WhatsApp application is conditional upon users explicit
consent to their personal data being shared with and transferred to
February 1, 2021
For the third consecutive year, following the publication of Gibson Dunn’s ninth annual U.S. Cybersecurity and Data Privacy Outlook and Review on Data Privacy Day, we offer this separate International Outlook and Review.
Like many recent years, 2020 saw significant developments in the evolution of the data protection and cybersecurity landscape in the European Union (“
EU”):
CJEU” or “
Court”) struck down as legally invalid the EU-U.S. Privacy Shield, on which some companies relied to transfer personal data from the EU to the U.S. While companies are turning to other frameworks to transfer personal data, such as Standard Contract Clauses (“
On 15 January, 2021, the Turkish Data Protection Board
(
Board ) published its principle
decision concerning the unlawful transmission of personal data to
third parties through various electronic communication
channels.
Following complaints and notifications submitted to the Turkish
Personal Data Protection Authority
(
Authority ), the Board evaluated the
issue of data controllers transmitting documents containing
personal data (such as invoices, receipts, reservation documents)
to incorrect parties due to incorrect or misleading contact
information. The Board also noted that such examples mostly
occurred in industries such as e-commerce, transportation,
telecommunications and tourism.
The decision makes reference to the general provisions
prescribed in Article 4 of the Turkish Data Protection Law