Previous Page  415 / 522 Next Page
Information
Show Menu
Previous Page 415 / 522 Next Page
Page Background

General Principles with regard to personal data processing, among

which are lawfulness and compliance with the principle of good faith;

correctness and actuality; being specific, explicit and legitimate in pur-

pose, and connectedness with the purpose for which the data is being

processed, being limited and proportional while doing so; and finally,

retaining the data no longer than necessary. In comparison, Art. 5 of the

Directive stipulates very similar principles for data protection, except

that such principles are explained somewhat more in detail.

In accordance with Art. 6 of the Draft Law, the special kind of per-

sonal data, in other words, sensitive data, shall only be processed under

exceptional circumstances. In this vein, Art. 7 of the Draft Law pre-

supposes that although processed lawfully, provided that the reasons

which led to the processing of any given data has disappeared, such

data shall be erased, destroyed or made to be anonymous, either

ex

officio

, or upon the data subject’s request. Furthermore, Art. 8

introduces limitations as to the transfer of personal data, and makes it

conditional to the fulfillment of certain criteria also set forth by the

same provision. Art. 10 fills an important gap in the personal data

protection scheme by regulating the rights of the data subject, including

the right to request information on whether his/her personal data exists,

has been subject to processing, transferred, or correction requested of

any personal data, etc. In addition, the same article also bestows the

right to claim damages arising from the unlawful processing of per-

sonal data.

Part VI of the Draft Law provides for the establishment of a

Personal Data Protection Board (“Board”) that will oversee the imple-

mentation of the Draft Law. Moreover, a registry of data responsibili-

ties shall be established under Art. 15 of the Draft Law, to which the

parties who are responsible for processing any personal data shall be

registered. The personal data protection is supervised by the European

Data Protection Supervisor (“EDPS”), which is an independent super-

visory authority at the EU level

6

.

Art. 16 of the Draft Law makes reference to the provisions of the

Turkish Criminal Code; whereas, Art. 17 sets forth certain misde-

MISCELLANEOUS

399

6

For more information on EDPS, please see:

https://secure.edps.europa.eu/EDPSWEB/edps/

EDPS (date of access: 30.12.2015).

1 410 411 412 413 414 415 416 417 418 419 420 421 522  FlippingBook