The tale of two data protection regimes: The analysis of the recent law reform in Turkey in the light of EU novelties

Abstract

Personal data protection regimes across jurisdictions have been faced with new challenges due to certain legislative gaps created by technological advancements and social media eco-systems that place data at the center of connected societies. Realizing this, in April 2016, EU officials adopted Regulation 2016/679 On Protection of Natural Persons with Regard to Processing and Free Movement of Personal Data. At the very same time, the Turkish counterpart finally enforced its Law on protection of such data. This article provides a threefold analysis of the newly introduced reform in relation to the EU rules on data protection and the recently adopted Turkish law, focusing on the citizen, business and governance aspects of the two regimes. Main issues related to cross border transfer of such data are also analysed, considering that in today's digital world it is almost impossible to do business without cross border movement/exchange of data. Since the transfer of personal data to recipients outside the EU/Turkey is normally prohibited unless certain imperative conditions are met, understanding of the lawful data transfer mechanisms in both jurisdictions is essential. Objectives of the article are to examine the two data protection regimes with regard to the new adjustments and assess the extent of consistency between the Turkish law and the reformed EU data protection rules. As being one of the first studies in this context, the article refers to the relevant case law in both regimes. The results of this analysis should be of a particular interest as it comprises a comparative analysis of the legal environment of data protection in the EU and Turkey.