The Turkish law on the protection of personal data came into force April 7, 2016. It's passage was an important step towards harmonizing the Turkish and European Union data protection regimes; however, an important difference involving consent and third parties remains. Ozan Karaduman of Gün + Partners writes for Privacy Tracker that while the definition of third parties under the EU Data Protection Directive excludes data processors, that's not so in the Turkish law. "Meaning, in order for a data controller to transfer its data to a cloud service provider and have the cloud service provider process the data, the data controller would need to obtain the consent of the data subjects" or fall into one of the exceptions to the consent rule, writes Karaduman. Add to that rules around cross-border transfer of personal data, and "this will be a complication in the business process," Karaduman writes.
If you want to comment on this post, you need to login.