Turkiye: Introduced Personal Data Protection Act including cross-border data transfer

On 26 December 2014, the Personal Data Protection Act, including cross-border data transfer, was introduced in the Grand National Assembly of Turkiye. In particular, the Act specifies conditions under which the data transfer to other jurisdictions would be allowed. The Act requires entities to obtain users' consent. Without consent, the entities would be allowed to transfer data based on an adequacy decision by the Personal Data Protection Board. In the absence of an adequacy decision, the entities would have to obtain permission from the Personal Data Protection Board including if they sign a contract including commitments for adequate protection of the data abroad.