PDPL Amendments on the Agenda of Türkiye’s FDI Strategy

The Investment Office of the Presidency of the Republic of Türkiye published the Türkiye Foreign Direct Investment (“FDI”) Strategy (2024-2028) (“Strategy”) on 29 July 2024. The Strategy is intended to provide a roadmap for attracting qualified investments to Türkiye in order to achieve Türkiye’s economic development goals. The Strategy states that Türkiye is one of the first economies that draws attention for FDI flows thanks to its geostrategic position and qualified labor force. This characteristic has been further strengthened by the steps taken to improve the investment climate, especially in the last 21 years, and in this respect, Türkiye has become one of the leading destinations for FDI flows. In this context, the main objective is to increase Türkiye’s share of global FDI flows through qualified FDI projects. Policies and actions to be implemented in line with the Strategy were also published.

The Strategy sets out six policies under the headings and topics of (i) investment climate and competitiveness, (ii) green transformation, (iii) digital transformation, (iv) global value chains, (v) talent pool and (vi) communication and promotion. The digital transformation policy, which covers plans and targets for future changes in terms of personal data protection legislation, sets out a total of nine policies, including three main policies. These three main policies are as follows:

 

Policy on international standards, data policies and legal regulations

In order for Türkiye to meet international standards in digital transformation, it is aimed to ensure full compliance with the European Union (“EU”) in data policies and legal regulations. In this context, three actions, which are closely related to the personal data protection legislation, have been identified.

Firstly, it is aimed to ensure full compliance of the Personal Data Protection Law No. 6698 (“PDPL”) with EU data protection regulations, in particular the European Union General Data Protection Regulation (“GDPR”). In addition, it is stated that the works for the compliance process with the EU legislation will be carried out.

Regarding the such action plan, it would be useful to mention the amendments in the PDPL in 2024. The amendments to the PDPL, which was introduced as the first stage of compliance with the GDPR and other EU data protection regulations, entered into force on 1 June 2024. With the amendment to the PDPL, new provisions have been introduced in the conditions for the processing of special categories of personal data and the procedures for the cross-border personal data transfer.

In addition, the Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad, which entered into force on 10 July 2024, and the standard contractual clauses and binding corporate rules published by the Personal Data Protection Authority on the same date, made arrangements in the procedures for the cross-border personal data transfer in parallel with the GDPR. Considering the Strategy and action plans, it is seen that full compliance with the GDPR and other EU regulations is aimed. In this regard, the amendments that will fully comply with the GDPR will be achieved in 2024-2028, as envisaged in the Strategy.

Along with the targets for the PDPL in the Strategy, it is planned to implement regulations in the field of cybersecurity with the Strategy. In this regard, it is stated that legal arrangements will be made in the field of cybersecurity by taking into account the EU’s Network and Information Security Directive and the best practices in the international area. In particular, it is stated that security regulations will be made regarding the internet of things (“IoT”) and it is aimed to conduct cyber security scans regarding the IoT.

On the other hand, it is stated that efforts will be made to include remote signature services in the Electronic Signature Law No. 5070 and the related secondary regulations, and it is targeted that efforts will be carried out to raise awareness of the issue in the private sector and public institutions.

Finally, in terms of the personal data protection legislation, the Policy aims to present the need for amendments to the PDPL to the Grand National Assembly of Türkiye.

 

Strengthening physical digital infrastructure

Secondly, it is aimed to strengthen Türkiye’s physical digital infrastructure to attract qualified FDI projects in Türkiye. The action plans within this scope are as follows:

The development of domestic companies offering existing data center services will be encouraged and mechanisms will be established to enable competition. In addition, domestic production of 5G base stations will be supported and infrastructure deficiencies will be eliminated. Finally, the establishment of broadband infrastructure will be encouraged in regions with underdeveloped infrastructures, and Türkiye’s internet speed will be increased through the development of fiber infrastructure.

 

Development of emerging technology areas

All policies and action plans that have been explained, especially the planned amendments to the PDPL, demonstrate that Türkiye is following the EU in terms of technological developments. The implementation of the declared action plans will lead to a more EU-compliant Türkiye by 2028. Although it is not known exactly which of the action plans will be realized, keep following us to be informed about the further developments.

 

Conclusion

All policies and action plans announced, especially the planned amendments to the LPPD, show that Türkiye is following the EU in terms of technological developments. With the implementation of the announced action plans, steps will be taken for a more EU-compliant Türkiye by 2028. Although it is not known exactly which of the action plans will be realized, stay tuned for further updates.

 

For detailed information, you may reach us:

EBRU TEMİZER

IRMAK SEYMEN VARAT

SERAY APAK

EFE UTKU ÇAL

SEE More