Turkey’s Personal Data Protection Board (“Board”), has adopted and published two important rulings. These address protection of personal data in websites/applications that provide phone-book services, as well as protection of personal data at service areas such as counters, box offices and desks. The Board is the decision-making body for the Personal Data Protection Authority, established by Article 19 of the Personal Data Protection Law number 6698 (“Law”).
Under Ruling number 2017/61, the Board declared that websites and applications which offer phone directory services (searchable via phone number or name) and share personal data without any justifiable reason determined under the Law and relevant legislation, must immediately cease their activities, or face either administrative or criminal sanctions. The Ruling underlines that all data processing activities must comply with the conditions under Article 5 and Article 6 of the Law for processing personal data and persons processing personal data must also comply with other requirements under the Law.
Under Ruling number 2017/62, the Board declared that entities providing services at service counters, box-offices and desks must ensure that only authorized persons are in these locations, as well as take necessary measures to prevent people receiving services at these locations from seeing or hearing each other’s personal data. The Board specifically referred to banks and healthcare organizations in this context.
The full text of the Board’s Rulings, published in Official Gazette number 30312 on 25 January 2018, can be found at these links (only available in Turkish):