This is the seventh article in our series covering cyber laws of various countries. The previous article presented an overview of cyber crime and laws in Denmark. This article features Turkey, the first Middle East country in the series. Turkey stands at the 54th rank in the Human Development Index. The country has a moderate crime rate of around 39%. Just like other countries, Turkey is not alien to the menace of cyber crime.
According to January 2020 estimates, Turkey has a total population of 84 million, and around 73.4% (62 million) are internet users. In other words, three out of four people have internet access in the country. The country witnessed an increase of 2.4 million internet users from 2019 to 2020. With over 77.39 million connections, 92% of the Turkish population has mobile phones. It is expected that Turkey will have 69 million internet users by the end of the year 2024. The most popular platforms include YouTube, Instagram, and WhatsApp.
Cyber Laws in Turkey
1. The Turkish Penal Code, 2004
Part 10 of the Turkish Penal Code, 2004 discusses offences related to data processing systems.
- Article 243: Unlawful access to a computer system attracts imprisonment of one year or a fine. Imprisonment will vary between 6 months to 2 years if an accused deletes or alters any data through unlawful access.
- Article 244: Preventing any data processing system’s functioning will result in imprisonment of one to five years. Anybody who deletes, alters, corrupts, bars access to, adds new data, or sends data to someone else will be imprisoned for six months to three years. The penalty increases by half if an individual breaks into a public institution or bank’s data processing system.
- Article 245: This provision covers cases where an individual benefits by obtaining or retaining somebody’s bank account or credit card and allows it to be used without the account holder’s permission. It prescribes imprisonment of three to six years along with a judicial fine of up to 5000 days. It exempts the following situations:
- Spouse of a marriage with no decree of separation,
- Direct antecedent/descendant, adoptive parent, or adoptive child, and
- A sibling who resides at the same place.
However, if an individual produces, sells, transfers, purchases, or receives a fake credit card, the imprisonment ranges from three to seven years with a judicial fine of 10,000 days. (Article 52 of this Code provides for calculating judicial fine in terms of the number of days).
2. Law on the Protection of Personal Data, 2016
Based on EU GDPR, this law establishes the National Data Protection Authority and the Personal Data Protection Board in the country. It defines personal data as any information which helps in the identification of an individual. Sensitive personal data includes information about race, origin, religion, sect, health, etc. It lays down the following principles for data processing:
- Fair and lawful processing
- Accurate and up-to-date storage of data
- Processing only for specific and legal purposes
- Collection of relevant data
- Storing personal data only for the required time
A data subject’s consent is mandatory for the collection and processing of their personal data. The law recognises certain exceptions, including instances permitted by law such as protection of life. In October 2017, Turkey published a regulation on Deletion, Destruction, or Anonymization of Personal Data. This regulation came into effect on January 01, 2018. It deals with deletion, destruction, and anonymity of personal data.
Turkey has sufficiently invested in technology, which is clear from the statistics we saw at this article’s beginning. However, laws focusing on technology-facilitated crimes must evolve with time. At present, it is apparent that the country does not have a comprehensive framework for this subject-matter. It needs stringent laws to efficiently deal with cyber crimes.
To contribute to our blog and knowledge base, write to us at email@example.com and elaborate on how you can help create a safer cyber space.