The Regulation Prohibiting Payments Through Crypto Assets issued by the Central Bank of the Republic of Turkey is published in the Official Gazette dated 16.04.2021 and numbered 31456 (“Regulation”). The Regulation shall enter in force on 30.04.2021.

Turkey’s Competition Authority has launched an investigation into online advertising sector on March 6, 2021, after the Board’s meeting on January 21, 2021. It is aimed to find out the structure and functioning of the sector, the structural and / or behavioral competition problems in the sector and discuss the adequacy of existing competition law instruments and possible new instruments, in order to establish an effective competition. In this respect, it is planned to meet with policy makers, enterprises and association of undertakings in order to find out market failures and competition problems and to propose solutions in the process.

The Communiqué on the Amendment of the "Financial Crimes Investigation Board General Communiqué (No: 5)" (No: 18) ("Amending Communiqué ") published in the Official Gazette dated 26.02.2021 and numbered 31407 shall enter into force as of 01.05.2021. With the amendment, the monetary amounts based on identification have been updated within the scope of simplified measures, and implementation requirements have been arranged. The amendments brought by the said Amending Communiqué are as follows:

Communique on Agreements, Concerted Practices, and Decisions of Associations of Undertakings that Do Not Appreciably Restrict Competition numbered 2021/3 ("Communique") entered into force after being published in the Official Gazette dated 16.03.2021 and numbered 31425. With the amendment made to the Law No. 4054 on Protection of Competition (“Law”) on June 24, 2020, De Minimis Principle was introduced to Turkish Competition Law. According to the De Minimis Principle, Turkish Competition Authority ("Authority")

Pursuant to the decision (“Decision”) of the Personal Data Protection Board ("Board") dated 01.12.2020 and numbered 2020/915, upon the complaint of an employee working as an official of the data controller, stating that their personal data is processed through fingerprint scanning devices for work entry and exit tracking, it was decided upon the instruction of the data controller to terminate biometric data processing for employee tracking and to remove the existing system. The content of the decision in question is as follows:

The “Procedures and Principles for the Determination, Prevention and Elimination of Price Squeezing” (“Procedures and Principles”), updated with the Board Decision of the Information Technologies and Communication Authority ("Authority") dated 09.02.2021 and numbered 2021 / DK-SRD / 36, has been approved and published on the official website of the Authority. The said Procedures and Principles will enter into force as of 01.04.2021. The previous “Procedures and Principles Regarding the Determination, Prevention and Elimination of Price Squeezing” (“Old Procedures and Principles”), which entered into force as of 01.07.2014 has been abolished. The content of the said procedures and principles are as follows

The Personal Data Protection Board (“Board”) rendered a decision dated 30.10.2019 and numbered 2019/316 (“Decision”) on the complainant doctor’s (“Complainant”) notice (“Notice”), regarding the data controller Hospital (“Data Controller”) who has recorded the patient records of data subject chronic patients’ (“Data Subjects”) on local computers and hospital data system; stored the blood, serum and tissue samples (“Samples”) taken from the Data Subjects in a proper environment to be used in projects; caused the Samples to spoil as a result of not taking the reasonable care to keep the samples under appropriate conditions; and therefore, the Data Controller did not fulfill its obligations regarding data security in accordance with Article 12 of the Personal Data Protection Law numbered 6698 (“PDP Law”).

The Personal Data Protection Board (“Board”) rendered a decision dated 27.01.2020 and numbered 2020/59 (“Decision”), following the complaint (“Complaint”) of the data subject complainant (“Complainant”) regarding unauthorized and unlawful access to the personal e-mail account (@nameofthecompany.com.tr) which consists personal data and was used within a Limited Liability Company (“Limited Company”) of where the Complainant is a partner; changing access settings of the e-mail; and the rejection of the request by the data controller owner of the IP addresses to which this e-mail is affiliated (“Data Controller”) on deletion and removal of all the data in the e-mail account in question.