Pursuant to Article 16 of the Code No. 6698 on the Protection of Personal Data, real persons or legal entities processing personal data shall register with the Data Controller’s Registry before processing.More
| Reading Time: 2 Minute(s)
Personal Data Protection Authority’s Guide
The Guide of The Personal Data Protection Authority
General Evaluation regarding Personal Data Protection Authority’s (“Authority”) Guide titled “The Evaluation of the Right to be Forgotten Within the Scope of Search Engines,” dated 20.10.2021
National and international law developments are touched upon in Authority’s guide titled “The Evaluation of the Right to be Forgotten Within the Scope of Search Engines,” dated 20.10.2021.
Additionally, the criteria to be considered for evaluation about whether or not to remove search-engine results from the index within which search was carried out by using people’s names and surnames are as follows:
- The data subject is played an important role in public life,
- A child being of a search subject,
- The accuracy of the content of the information,
- Relevance of information to data subject’s working life,
- Information having insulting, defamatory or slanderous nature about the data subject,
- Information having the nature of sensitive personal data,
- Currency of information,
- Information causing prejudice about the person,
- Information posing a risk to the person,
- The status of the information whether to be published by the person themself,
- Content being covered with data that is processed in the context of journalism,
- Existence of legal obligation for publishing information,
- Information is related to a criminal offence.
In addition to these criteria, in terms of the methods of claiming rights/legal remedies by data subjects, they must apply to the data controller who processes their personal data before filing a complaint to the Authority within the framework of the right to be forgotten according to Article 13 of Personal Data Protection Law (“Law”) titled as “Application to Data Controller.”
Application methods for the data subject while applying to the data controller are determined in Article 5 of the Law titled “Application Procedure.” Accordingly, data subjects will be able to transmit their requests which are within the scope of their rights specified under Article 11 of the Law in writing or registered electronic mail (REM) address, via secure electronic signature, mobile signature, or by using electronic mail address which was previously notified to the data controller by them and registered in the system of the data controller, or by means of a software or application developed for application purposes.
Also, in the application made to the data controller, it is obligatory to have the name, surname, and signature if the application is in writing, TR identification number for the citizens of Turkish Republic (TR), for foreigners nationality, passport number, or identification number if any, place of residence or business address for notification, electronic mail address if any for notification, telephone, and fax number as well as the subject of the request. For this reason, regarding the right of the data subjects to be forgotten, it is stated in the guide that it is necessary to apply to search engines first.
If the application made to the search engines remains inconclusive/becomes unsuccessful, the data subjects may submit their complaint to the Personal Data Protection Board (“Board”). Pursuant to Article 14 of Law titled as “Complaint to the Board,” the data subjects can make a complaint to the Board within thirty days from the date of learning the answer of the data controller and in any case within sixty days from the date of application if the data controller rejects the application, the response given to the data subject is insufficient, or the data subject is not answered.
Article Keywords: Personal Data Protection, Personal Data Protection Law.