2022 was another year full of developments in the legal sphere in Turkey. When we look back at 2022, we see that legislators in the Republic of Turkey – as well as in other countries – took steps to regulate digital services and markets, as their impact and growth during and following pandemic was remarkable. Further, the Turkish Data Protection Authority published guidelines and principal decisions throughout the year; and the long-awaited TRABIS is finally live. In order not to miss out on any, we have chronologically laid out a select group of main changes in 2022.

  • The Regulation on the Operation Principles of Digital Banks and Service Model Banking was published in the Official Gazette on 29 December 2021 and entered into force on 1 January 2022. The regulation is paving the way for banks that provide services only through digital channels without any physical branches and set forth the operational principles for branchless banks as well as principles for service model banking.
  • The Turkish Personal Data Protection Authority published The Public Announcement on Technical and Administrative Measures Recommendation to Data Controllers on User Security on 15 February. With the announcement, concrete examples and best practices of administrative and technical measures are provided.
  • The Final Report on the E-Marketplace Platform Sector Inquiry, which is about the online shopping trend increasing as a result of technological developments and digitalization and determine and find solution to the competition problems that have arisen or may arise in the e-commerce sector, was published by the Turkish Competition Authority on 14 April and within this report, the problems were determined, and policy recommendations were set out.
  • The Public Announcement about the Data Controller Registry (VERBIS) was made by the Turkish Personal Data Protection Authority on 21 April, stating that for data controllers that do not fulfill the obligation to register with VERBIS, administrative sanctions will be applied.
  • The Regulation on Sharing Secret Information, issued by the Turkish Banking Regulation and Supervision Agency within the scope of the Banking Law No. 5411, entered into force on 01 July and it determines the scope, form, procedures, principles and restrictions on sharing and transferring bank customers’ secrets.
  • The Law No. 7416 Amending the Law on the Electronic Commerce Regulation was published in the Official Gazette dated 07 July and defined the terms “electronic commerce tool service provider”, “electronic trade service provider”, “electronic trade environment”, “electronic trade marketplace”, “electronic trade information system”, “net transaction volume” and “economic integrity”. Along with other obligations, the obligation to obtain a license is determined for the electronic commerce service providers and intermediary service providers by their net transaction volume and transactions number.
  • The Guideline for the Banking Industry on the Best Practices for the Personal Data Protection was published by the Turkish Personal Data Protection Authority on 05 August. The guideline sets out many best practice examples related to personal data processed in the banking sector.
  • The Regulation on Amending the Distance Sales Contracts Regulation was published in the Official Gazette dated 23 August and the regulation stipulates changes regarding the intermediary service providers, the right to withdraw, and the obligation of preliminary notification for contracts made online.
  • In September, the Central Bank of the Republic of Turkey published the Guideline on Associating Business Models in the Payments Area with Payment Service Types, which includes explanations regarding payment services and electronic money issuance, for which an operating license must be obtained from the Central Bank, and business models in the field of payment services.
  • the .tr Network Information System (TRABIS), which allows the management of “.tr” domain names, started its operations on 14 September.
  • The Regulation on Collecting, Storing and Sharing Insurance Data, prepared by the Insurance and Private Pension Regulation and Supervision Authority within the scope of the Insurance Law No. 5684, was published in the Official Gazette and entered into force on 18 October. The regulation determines the scope, form, procedures, and principles regarding the processing, sharing, and transfer of insurance data.
  • The Amendment Law on the Media Law and Other Laws was published in the Official Gazette on 18 October. The law amended several laws, in particular: (i) the Press Law No. 5187, (ii) the Electronic Communications Law No. 5809, and (iii) the Law on the Regulation of Internet Publications and Prevention of Crimes Committed through these Publications No. 5651. Particularly, the law incorporated significant amendments to the Electronic Communications Law w. no. 5809 and added the definition of the “over-the-top service” (OTT) as “interpersonal electronic communication services within the scope of audio, written and visual communication, presented to subscribers and users with internet access, independently from the operators or the provided internet service, via a software open to the public”.
  • The Main Statute of the E-Sports Federation was published and entered into force on 18 November and determined the details and boundaries of the federation’s powers and duties, allowing the federation to gain an independent structure.
  • The Regulation on Electronic Commerce Intermediary Service Providers and Electronic Commerce Service Providers, which was published in the Official Gazette on 29 December, regulates the obligations of electronic commerce intermediary service providers and electronic commerce service providers, unfair commercial practices, illegal content, intermediation agreement, electronic commerce license and other issues related to electronic commerce.

Authors: Burak Özdağıstanli, Sümeyye Uçar, Ebru Gümüş