top of page
  • gtugrul

Turkey: Looking Back at the Legal Developments in 2023



2023 has marked many legal milestones and as the year comes to an end, we’ve rounded up the ones in the fields of technology, data protection, advertising, and intellectual and industrial property:

  • On January 1, the Regulation on Electronic Commerce Intermediary Service Providers and Electronic Commerce Service Providers, which regulates the obligations of electronic commerce intermediary service providers and electronic commerce service providers, unfair commercial practices, illegal content, intermediation agreement, electronic commerce license and other issues related to electronic commerce, (excluding few of its provisions) has entered into force (For details, please see our article).

  • On January 28, upon the publication of the Communiqué on Minimum Equity Requirement Amounts of the Institutions Providing Payment Services on the Official Gazette, the minimum equity requirements were increased for the electronic money institutions, payment institutions that perform payment services exclusively for the intermediation of invoice payments, and other payment institutions (For details, please see our article).

  • In 2022, specific obligations (such as electronic commerce license) were introduced for service providers exceeding certain thresholds set out under the Law No. 6563 on the Regulation of Electronic Commerce. On February 23, a Presidential Decree was published on the Official Gazette, increasing these thresholds by half (For details, please see our article).

  • The Personal Data Protection Board published its decision with no. 2023/134 and dated March 1, regarding an investigation upon user complaints and decision to impose an administrative fine of TRY 1.750.000 (approx. EUR 56.000) on the internet social media platform TikTok, based on the failure of the obligations concerning providing personal data security under the Law No. 6698 on Personal Data Protection.

  • On April 1, the Information Technologies and Communications Authority’s decision numbered 2023/DK-ID/119 adopting theProcedures and Principles for Social Network Providers, was published on the Official Gazette. With the publication, social network providers became obliged to fulfill certain requirements such as informing judicial authorities about certain crimes, providing segregated services for children, protecting user rights, and establishing an effective application mechanism. This decision also introduced additional obligations to the service network providers with more than one million daily access from Turkey (For details, please see our article).

  • On May 26, the Medicines and Medical Devices Authority published the Regulation Amending the Regulation on Medical Device Sales, Advertisement, and Promotion on the Official Gazette. This amendment brought new definitions such as “use life, usage error, technical service, and spare parts”; and introduced obligations for the sellers, importers, and manufacturers after the sale of medical devices (For details, please see our article).

  • On June 6, the Energy Market Regulatory Authority announced the Regulation on Cyber Security Competence Model in the Energy Sector, which repealed the Regulation on Information Security in Industrial Control Systems Used in the Energy Sector. The new regulation defines Industrial Control Systems as well as focuses on new competency models that differ in line with sub-energy sectors (For details, please see our article).

  • The Personal Data Protection Board, with its decision numbered 2023/1154 and dated June 6, increased the minimum “annual financial balance sheet total” amount, which is a criterion to be exempt from the obligation to register with the Data Controllers Registry (VERBIS), from TRY 25.000.000 (approx. EUR 800.000) to TRY 1.000.000.000 (approx. EUR 32.000.000) (For details, please see our article).

  • On August 11, the Communiqué Amending the Financial Crimes Investigation Board General Communiqué was published by the Ministry of Treasury and Finance. This communiqué regulates procedures and principles regarding the remote identification of customers (previously, only natural persons) in banking transactions and with the amendment, legal entities registered in the trade registry were included within the scope of remote identification (For details, please see our article).

  • The Advertisement Board imposed administrative sanctions on advertisements that were created by the artificial intelligence ChatGPT, at its meeting numbered 337 and dated September 12. The Board concluded that advertisements including statements such as “...is also Turkey’s largest fashion retail brand according to ChatGPT”, “…we’ve asked ChatGPT and got the right answer”, “the most iconic TV channel…” were not up to date and accurate and were misleading to consumers (For details, please see our article).

  • On September 19, the Ministry of Trade published the Consumer Review’s Guide, which mainly focuses on matters related to the Regulation on Commercial Advertisement and Unfair Commercial Practices, namely misleading reviews or unrealistic score ratings (For details, please see our article).

  • Amendments on the Regulation on Payment Services and Electronic Money Issuance and Payment Service Providers and the Communiqué on Information Systems of Payment and Electronic Money Institutions and Data Sharing Services in the Field of Payment Services Providers, entered into force on September 30, which was priorly extended several times. With the amendments, liabilities such as data sharing technical requirements regarding payment and obtaining an operating permit, equity and collateral liability, protection of payment funds, and protection of funds collected in return for electronic money entered into force and payment institutions and electronic money institutions operating as of December 1, 2021 became obliged to comply with the amended provisions (For details, please see our article).

  • On October 7, (i) the Regulation Amending the Regulation on Payment Services and Electronic Money Issuance, Payment Service Providers; and (ii) the Communiqué Amending the Communiqué on the Management and Supervision of the IT Systems of Payment and Electronic Money Institutions and Data Sharing Services of Payment Service Providers in Payment Service Area were published on the Official Gazette. Both regulations include significant provisions, including equal treatment rule, deadlines on license applications, cross-border data transfers and digital wallets, which is regulated under the Turkish law for the first time (For details, please see our article).

  • On October 13, the Personal Data Protection Authority published a new Guideline on Matters to Consider when Processing Genetic Data, which deemed Genetic Diseases Evaluation Centers as data controllers under the Law No. 6698 on Personal Data Protection; and set out that, data controllers must explain the genetic data processing activities and their consequences to the data subjects, clearly and comprehensively (For details, please see our article).

  • With its decision dated October 27, the Constitutional Court has annulled the provision that regulates the Advertisement Board’s criminal jurisdiction. The Court has concluded that the Advertisement Board’s authority contradicts Article 26 of the Constitution which ensures freedom of expression. The annulment will enter into force in July 2024 (For details, please see our article).

  • On November 4, the Regulation Amending the Distance Contracts Regulation was published on the Official Gazette. This regulation has postponed the specific obligations regarding sellers’ obligation to inform consumers preliminarily and consumers’ right of withdrawal, to January 1, 2025; which was initially introduced on August 23, 2022 (For details, please see our article).

  • On November 13, the Personal Data Protection Authority published an announcement regarding personal data processing activities where a verification code is sent to data subjects via SMS while shopping in stores. The Announcement focuses on the data controllers’ non-compliant data processing practices during face-to-face shopping and provides recommendations (For details, please see our article).

Authors: Hatice Ekici Tağa, Burak Özdağıstanli, Ebru Gümüş, Göksu Tuğrul

12 views0 comments

Comments


bottom of page