Thought leadership from our experts

2014 Changes to Turkish internet law

With approximately 40 million broadband internet subscribers, the increasing prevalence of smart devices and the significantly high young population in Turkey; intensive use of the Internet, social media and e-commerce is rising each day. The increase of Internet usage through new technologies in both social life and commercial life also introduces discussions on the scope of freedom of speech, protection of private life, freedom of communication rights and a secure e-commerce.

2014 was a year for Turkey where new laws and regulations were introduced in parallel to the growth of internet usage. This trend seems to be continuing in 2015.

(i) Internet Law:

In 2014, the Law on Regulation of Broadcasts and Publications Made Online and Regarding the Countering of Crimes Committed via These Broadcasts and Publications numbered 5651 (Internet Law) was amended three times. The amended Internet Law was expected to provide solutions to some of the deficiencies existing in the application and scope of the Internet Law. However, even though some expectations were satisfied, the amendments introduced severe restrictions and provided a vague authority to the Presidency of the Telecommunications Authority (the Presidency) which could be open to misuse and thus became a matter of debate in Turkey. As a result, certain provisions of the Internet Law were cancelled by the Constitutional Court on January 1 2015.

Under the Internet Law, in principle, blocking of access to content can be imposed by judge/prosecutor during investigation or by a court during prosecution proceedings for catalogue crimes determined under the Law. Special authorization is also granted to the Presidency to block access to content in cases where a content or hosting provider resides abroad or when the content relates to child abuse or pornography.

With the amendments, the Presidency had been granted further authority for the blocking of access in cases where further passage of time will be detrimental to the protection of national security and public order or preventing of committing a crime. However, the Constitutional Court cancelled the authority of the Presidency in this respect considering that as an administrative body, the Presidency cannot be empowered with an authority; the scope, purpose and details of which is not determined and which can lead to having disproportionate powers that bear the risk of hinder freedom of speech, communication and information rights.

The amendments to the Internet Law also introduced blocking of access to content upon a request by persons whose personal rights are breached. The competence to determine such a breach has been vested in the courts. Furthermore, persons alleging violation of their privacy are granted the right to apply directly to the Presidency for the blocking of access to content. This authority given to the Presidency with regards to the violation of privacy has been a controversial issue, particularly in light of concerns relating to the freedom of speech.

The Constitutional Court found the continuing tendency of the Presidency and the Turkish Courts blocking access to entire web sites based on violation of the Internet Law – as seen in the recent blocking of access to the websites Youtube and Twitter in 2014 –to be contrary to the provisions of the Internet Law that state it is necessary to first impose a blocking order relating only to the specific offending URLs. Thus, the Constitutional Court eventually ruled that these examples of blocking of access to an entire website was disproportionate and thus was a breach of constitutional rights.

The other problematic amendment introduced to the Internet Law was the authority granted to the Presidency to collect traffic data from content, access and hosting providers without the necessity of a court order authorizing such collection. This authority was also cancelled by the Constitutional Court.

(ii) E-Commerce Law:

Turkey's long-awaited Law No. 6563 on the Regulation of Electronic Commerce (the E-Commerce Law) was published in the Official Gazette on November 5, 2014 and will enter into force on May 1 2015.

Before the E-Commerce Law, Turkey did not have specific legislation regulating e-commerce, other than the Law on the Protection of Consumers numbered 6502 where on-line sales were defined within the scope of long distance sales. However, the specifics of on-line sales and e-commerce necessitated further rules and regulations. This was especially problematic given that Turkey also lacks specific data protection legislation.

The E-Commerce Law regulates electronic commercial communications, liabilities of service providers and intermediary service providers, contracts concluded by electronic means, information to be provided regarding electronic commerce activities and sanctions to be imposed for non-compliance. The E-Commerce Law is prepared in parallel with the EU Directive on E-Commerce (numbered 2000/31/EC). Under the EU Directive on E-Commerce, there are categories of contracts for which e-commerce is not applicable. Under Turkish law, certain contracts are also subject to formation formalities, thus e-commerce would not be suitable to all type of contracts.

The two main points to note about this legislation are that, first; it sets forth matters to be taken into account in the contracting process. Similar but much more detailed provisions already exist in Turkey's consumer legislation, so where the recipients of electronic communication are also regarded as consumers, the two sets of rules must be read in conjunction. Second, the new rules envisage both opt-in and opt-out requirements, making it a highly consumer-friendly regime.

(iii) Draft Law on Protection of Personal Data:

The draft Law on Protection of Personal Data has been on the agenda of Turkey for over a decade. In the absence of a general data protection regime, data protection has been covered by provisions of the Turkish Constitution, the Turkish Criminal Code and the Turkish Civil Code, in general aspects. Furthermore, various Ministries and Authorities have introduced or are in process of introducing data protection rules for the relevant sectors within their remits.

On December 26 2014, the Draft Law on Protection of Personal Data (Draft Law) has been submitted to the approval of the Parliament. The Draft Law is aimed to be in parallel with the EU Data Protection Directive (95/46/EC). Under the Draft Law, collection and process of personal data, transfer of personal data to abroad is regulated. Sensitive personal data is defined. Data registry system will be in place where data processors, controllers must be registered with the registry before processing data. The Draft Law also introduces heavy administrative fines for data breaches.

It is hoped that the long-awaited draft law comes to the agenda of the Parliament before the general elections in mid 2015 and does not become obsolete as it happened to previous draft laws.