The draft law on the Protection of Personal Data — which envisages granting sweeping new powers to the intelligence services allowing them to process and archive personal data and threatens the flow of data between Turkey and the EU, has been accepted in parliament.
The draft legislation, received criticism in the past as it paves the way for mass archiving of personal data by the National Intelligence Organization (MİT), the gendarmerie and the police force — regardless of judicial investigations — and violation of the rights of citizens who have had their personal data collected by government institutions.
Also with a last-minute amendment by Justice and Development Party deputies, the law will mean that no personal data will be shared with other countries will be subject to the permission of the Personal Data Protection Board which will operate under the Ministry of Justice.
Two of the nine members of the Personal Data Protection Board will be appointed by the president, five members appointed by parliament and two members appointed by the cabinet.
The amendment requiring the permission of the Board before sharing personal data with other countries, came immediately after Reza Zarrab, an Iranian businessman who was at the epicenter of the graft probe revealed on Dec. 17, 2013, was recently arrested in the US on charges of circumventing a US-imposed embargo on Iran.
Zarrab, who was accused of being the ringleader of a money-laundering and gold-smuggling ring in Turkey established to circumnavigate sanctions against Iran, was among 21 people — including the sons of three then-ministers, a district mayor and other high-profile figures — who were arrested as part of the operation that went public on Dec. 17, 2013 in a series of simultaneous police raids.
There are fears that the EU may feel reluctant to share intelligence with Turkey in the face of the unrestrained ability of Turkish intelligence agencies to collect information regarding citizens’ personal lives.
Turkey does not currently have a specific data protection law. However, Turkey is a signatory to the Council of Europe’s Strasbourg Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Data Processing Convention) of 1981, although it has not ratified it.
According to the draft, the supervisory Personal Data Protection Board Data classified as “state secrets” will not be sent to the Personal Data Protection Board.