Turkey’s Data Protection Authority (“Authority”) has updated the Implementation Guideline for the Data Protection Law (“Guideline”). The Guideline now outlines the criteria for assessing “legitimate interest”, which is an exception enabling personal data to be processed without explicit consent. The Authority also announced that applications and social media platforms providing phonebook services without obtaining explicit consent violate the Law on Protection of Personal Data number 6698.
Accordingly, the Guideline now explains that to qualify as a legitimate interest, the data controller’s benefit must meet all of the following criteria:
- Legitimate.
- Definite.
- Related to an existing interest.
- Related to current activities carried out by the data controller.
- Obtainable in the near future.
- Balanced with the data subject’s right and freedoms.
The Authority also announced that applications and social media platforms which provide phonebook services without obtaining explicit consent violate the Law on Protection of Personal Data number 6698. The Authority announced that it had launched an investigation into these activities. The Data Protection Board has previously ruled that websites and applications which offer phone directory services must immediately cease their activities (Ruling 2017/61; more).
Please see this link for the full text of the Authority’s announcement and this link for the full text of the Guideline (only available in Turkish). All of the Authority’s guidelines can be found at this link.