Data Privacy Detective Podcast – Episode 78: Data Localization, The Case of Turkey – Privacy


Turkey: Data Privacy Detective Podcast – Episode 78: Data Localization, The Case of Turkey

To print this article, simply register or connect to

Turkey is the first stop 2022 of our global data localization tour. What is Turkey’s approach to cross-border transfers of personal data concerning its citizens and residents?

Turkey’s personal data protection law is comprehensive and similar to the old European Union data protection directive, although it differs in some respects. Data localization is not part of this existing Turkish law. Instead, Turkey is taking a sectoral approach to the cross-border collection and processing of the personal data of its residents. Turkish banks must collect and store data from Turkish customers in Turkey. Data localization requirements apply to payment and e-money institutions, forcing companies like Paypal or Venmo to locate a payment system in Turkey and comply with Turkish data privacy regulations. Social media providers must register and report Turkish social media users to Turkish authorities every six months.

In August 2021, the Turkish Data Protection Authority (KVKK) proposed to amend Turkish law to allow cross-border data transfers if it makes an adequacy decision regarding another country. But unlike the GDPR, the amendment would require the foreign country to be reciprocal in its data privacy laws, a unique approach that goes beyond adequacy. If adopted, the KVKK approach would encourage multinational companies to use Turkey-based servers and a Turkish subsidiary to gain broad access to the Turkish market, but allow flexibility through binding corporate rules and notification to customers. Turkish authorities of a standard commitment.

Tune in to Episode 78 for how and why Turkey can align with evolving European standards instead of the more authoritarian and protectionist rules evident in China, Russia and India.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

POPULAR POSTS ON: Turkey’s Privacy

Cooley Privacy Talks: UK Privacy Update

Cooley LLP

After Brexit, the UK is no longer a member state of the European Union, which means that the data protection regime that applies to UK-related processing is separate from that of …


Comments are closed.