A long-awaited new data protection law came into force in Turkey on Thursday, just days after it emerged that private details about some 50 million citizens had been leaked.
The legislation has been in the works for more than a decade as EU-hopeful Turkey tries to align its guidelines on the use of private information with European Union rules.
Until now, Turkey did not have one specific law governing the use of personal data.
The law signed by Turkish President Recep Tayyip Erdogan sets a definition for personal and sensitive data, lays out firms’ responsibilities in managing information and regulates the international transfer of data.
The legislation stipulates that data cannot be processed or transferred abroad without the individual’s explicit consent and establishes a dedicated data protection authority.
The law comes after hackers this week posted online a massive database containing the names, identity numbers, addresses and other personal information of a large chunk of Turkey’s 78 million citizens, exposing them to identity fraud.
Ankara federal prosecutors on Wednesday opened an investigation into the data spill, while the country’s communications and justice ministers suggested political foul play.
Transport and Communications Minister Binali Yildirim blamed the leak on a network run by Erdogan’s arch-foe, the US-based cleric Fethullah Gulen often accused of running a parallel state aimed at usurping Erdogan.
“People who do things like this will have to give account for what they have done. Previously, there was no legal framework,” he said Wednesday.
As well as being crucial for Turkey’s hoped-for EU accession process, experts say the law is also key for co-operation with the EU on issues of refugees and terrorism.
“Issues have arisen about how to handle refugees’ data, who is a refugee and who is not, and how to share this information with the EU,” Akin Unver, assistant professor at Kadir Has University told Hurriyet daily in February after the bill was presented to parliament.