Legal Bulletin February 13–26, 2025

July 9, 2025

📌 KEY LEGAL DEVELOPMENTS The Personal Data Protection Authority published the “Guide on the Processing of Special Categories of Personal

📌 KEY LEGAL DEVELOPMENTS

The Personal Data Protection Authority published the “Guide on the Processing of Special Categories of Personal Data.” The guide contains detailed explanations about the definitions of special categories of personal data, conditions for transfer, and the necessary precautions to be taken.

The Competition Authority completed its investigation regarding Frito Lay Gıda Sanayi ve Ticaret A.Ş. The Authority decided that the company violated the Law on the Protection of Competition by obstructing competitors’ activities at retail points of sale, and imposed an administrative fine of 1.365 billion TRY along with precautionary measures.

The Competition Authority published the “Guideline on Administrative Fines Imposed in Cases of Anti-Competitive Agreements, Concerted Practices, and Abuse of Dominant Position.” The guideline provides detailed explanations on the implementation of the Regulation on Administrative Fines Regarding Anti-Competitive Agreements, Concerted Practices, and Abuse of Dominant Position.

The Ministry of Trade shared information about the files resolved in the meeting of the Advertising Board held on February 14, 2025. Out of 205 files, it was decided to impose suspension penalties on 183 files and a total administrative fine of 30 million TRY.

The Competition Authority decided to impose an administrative fine of 1.3 billion TRY on Birleşik Mağazalar A.Ş. due to obstruction of an on-site inspection. According to the announcement from the Authority, a company manager deleted data during the on-site inspection at the firm’s headquarters, constituting a violation.

The “Climate Law Draft” was submitted to the Grand National Assembly of Turkey. The draft aims to reduce greenhouse gas emissions and institutionalize climate change adaptation within a framework aligned with the 2053 net zero emissions target. The draft includes mechanisms such as Emission Trading System, carbon market, green investments, and administrative sanctions.

🔒 DATA BREACH NOTIFICATIONS

In the personal data breach notification made to the Personal Data Protection Board by Asilkar Hızlı Kargo Taşımacılık Ticaret A.Ş., it was reported that unauthorized person(s) obtained usernames and passwords of system users and accessed the terminal servers of Ajannet Bilişim Hizmetleri Sanayi Ticaret Ltd. Şti. remotely. The breach started on January 30, 2025, and was detected on February 3, 2025, via WhatsApp. Only the names and surnames of 16 employees/users stored as file names were accessed without authorization. Since the unauthorized access was limited to the terminal server, data in the files could not be accessed via the program without additional usernames and passwords. Ajannet Bilişim Hizmetleri Sanayi Ticaret Ltd. Şti. informed the data controller that “…the captured data may include cargo recipient name, surname, address, and shipment content information…

July 1, 2025

Legal Obligations of Cyber Security Companies Within the Framework of Cyber Security Law

With the Cyber Security Law (“Law”), which entered into force on March 19, 2025, a comprehensive legal framework regulating

May 17, 2025

Sermaye Piyasası Kanununda Değişiklik Yapılmasına Dair Kanun Teklifine İlişkin Bilgi Notu

SERMAYE PİYASASI KANUNUNDA DEĞİŞİKLİK YAPILMASINA DAİR KANUN TEKLİFİNE İLİŞKİN BİLGİ NOTU Kripto Varlık Yasası olarak da bilinen, Sermaye Piyasası

March 13, 2025

Information Note on Cyber Security Law

INFORMATION NOTE ABOUT THE CYBER SECURITY LAW The Cyber Security Law (“Law”) was accepted by the TBMM General Assembly