The “Communiqué on the International Bank Account Number” (“Communiqué”) has been published by the Central Bank of the Republic of Turkey in the Official Gazette dated 05.08.2021 and numbered 31559. Within the scope of the Communiqué, the amendments have been made to the Communiqué on International Bank Account Number (Number: 2008/6) published in the Official Gazette dated 10/10/2008 and numbered 27020. The purpose of this Communiqué is to determine the principles and procedures regarding the application of the international bank account number by the payment service providers:

“The Regulation on the Applicant’s Identity Verification Process in the Electronic Communications Sector” (“Regulation”) has been published by the Information Technology and Communication Agency in the Official Gazette dated 26.06.2021 and numbered 31523. The Regulation regulates the procedures and principles regarding the process to be applied for the verification of the applicant’s identity in case of electronic documentation of the following issues: subscription contract, GSM number porting application, qualified electronic certificate application,

Personal Data Protection Board (“Board”) rendered a decision dated 06.05.2021 and numbered 2021/470 (“Decision”) regarding the unredeemed access request of a data subject working in a data controller company (“Data Subject”) to the employer Data Controller (“Data Controller”), for the access to personal data regarding meal card account activities. Pursuant to the Decision, the Data Subject requested from the Data Controller to be forwarded the account movements of the meal card allocated to him/her by the Data Controller. In order to provide the requested information to the Data Subject, the Data Controller has requested certain information to verify the identity of the Data Subject.

Within the framework of the announcement (“Announcement”) published on the website of the Personal Data Protection Authority (“Authority”) on 25.06.2021, it is stated that there were hesitations in the opinion requests delivered to the Authority, about the registration obligations of business partnerships, consortia and ordinary partnerships in the Data Controllers’ Registry (“Registry”).

The Personal Data Protection Board Decision No. 2021/571 and dated 09/06/2021 on the Obligation to Register Economic Enterprises Belonging to the Data Controllers Registry of Foundations, Associations and Trade-Unions has been published in the Official Gazette dated 24 June 2021. Pursuant to the Decision of the Personal Data Protection Board (“Board”) dated 22/04/2020 and numbered 2020/315 and the amended Decision dated 02/04/2018 and numbered 2018/32, it has been provided exception to “associations, foundations and trade-unions established in Turkey that process personal data only in accordance with the relevant legislation and purposes, limited to their fields of activity”.

The Personal Data Protection Board (“Board”) rendered a decision dated 20.04.2021 and numbered 2021/407 (“Decision”) regarding the data breach notice of a data controller hospital (“Data Controller”). In the Decision, within the scope of the data breach notice submitted by the Data Controller, it was stated that (i) the breach was carried out with the instruction of the physician working in the hospital, by removing the files of the patients out of the hospital by the hospital staff; (ii) the employee who attempted to extract the file was detected 17 days after it was videotaped; (iii) all but one of the employees involved in the breach was given a training on protection of personal data prior to occurrence of the data breach; (iv) the Personal Data Protection Authority (“Authority”) was notified to the Board 25 days after the breach occurred, due to the reasons included in the breach notification regarding late notification.

The Personal Data Protection Board (“Board”) rendered a decision dated 20.04.2020 and numbered 2021/389 (“Decision”)regarding an insurance company (“Data Controller”), based on the fact that the insurance company provided its services with the condition of explicit consent.

It was announced that the “Guideline to Privacy in Digital Games” (“The Guideline”) drafted by the Information Technologies and Communications Authority (“Authority”) was published on the official website of the Authority on 01.06.2021. The guideline provides information on the current state of digital games, what digital privacy is, how to protect against threats in digital games, threats in online games, and what cyberbullying is. Some of the key issues organized by the Guideline are as follows:

The Draft Regulation on Remote Identification Methods and Establishment of Contractual Relations in Electronic Environment to be Used by Financial Leasing, Factoring, Financing and Saving Financing Companies, ("Draft Regulation") has been drafted by the Banking Regulation and Supervision Agency (“Authority).  The Draft Regulation has been published on the official website of the Authority on 07.05.2021.

The Report on “Competition and Data Protection in Digital Markets: a joint statement between the CMA and the ICO” (“the Report”) has been published by UK Competition and Markets Authority (“CMA”) on 19.05.2021. The Report sets out how to enhance the synergies between the policy agendas and, where to identify the potential for tensions, explains how to address them.