Contributors Unsal Law

The importance of privacy has increased due to the significant increase in data processing methods and activities along with rapid technological developments and globalisation. As a result, many countries and regions have adopted privacy laws to ensure harmony for the protection of the personal data of individuals.

European Parliament has finally passed the long debated and much anticipated MiCA, the comprehensive crypto assets and markets legislation on 20.04.2023. Since MiCA is a regulation rather than a directive, it will apply directly across 27 states and achieve maximum uniformity among the EU member states.

Avrupa Parlamentosu, 20.04.2023'te kripto varlık ve piyasalarını düzenleyen MiCA yönetmeliğini onayladı. 27 AB üyesi ülke için geçerli olan MiCA, kripto varlıkları üç kategoriye ayırarak standartlar belirliyor ve kripto varlık hizmet sağlayıcıları için düzenlemeler getiriyor. MiCA'nın amacı, AB çapında tek tip bir kripto varlık düzenlemesi sağlayarak, yasal belirsizlikleri ve rekabet dengesizliklerini azaltmak ve piyasa katılımcılarının AB genelinde faaliyet göstermek için tek bir lisans almalarına olanak tanımaktır. Bu düzenleme, Türkiye'de kripto varlık mevzuatı için de referans alınabilecek önemdedir.

MiCA, the European Union's Markets in Crypto-Assets Regulation, applies to natural and legal persons engaged in issuance, offer to the public, and admission to trading of crypto-assets, or that provide services related to crypto-assets in the EU. The regulation does not apply to entities and persons that provide crypto-asset services for their parent companies and subsidiaries, national central banks of the EU member states when acting as a monetary authority, or public international organizations. Non-EU firms providing crypto-asset services to EU clients must obtain authorization in the EU. MiCA defines crypto-assets as a digital representation of a value or right that can be transferred electronically, and classifies them into three categories based on risks. CASPs must meet specific requirements based on the type of service they offer and the risks associated with each.

MiCA introduces a comprehensive set of guidelines for those seeking to issue, offer, or list crypto-assets. It is crucial to have a comprehensive understanding of these requirements as non-compliance could result in significant consequences.

The fintech landscape in Turkey encompasses various types of fintech businesses, such as payment systems, digital banking, decentralized finance, insurance technologies, and more. The market has seen significant growth, with over 600 active fintech companies reported as of February 2023. The COVID-19 pandemic has accelerated the adoption of digital financial services, particularly contactless payments and online banking. There is also a growing focus on sustainable finance, and regulatory agencies support fintech development. Crypto asset usage for payments is prohibited, but crypto exchanges are currently allowed to operate. Incentive schemes and funding options are available, including angel investors, venture capital, and government loans. IPOs and acquisitions have occurred in the fintech sector. Regulatory frameworks exist for electronic money institutions, payment systems, digital banking, and other fintech activities. Specific regulations for cryptocurrencies or crypto assets are currently under development, and a regulatory sandbox is being established for fintech testing.

In Turkey, the collection, use, and transmission of personal data are regulated under the Personal Data Protection Law (KVKK). Fintech businesses must comply with the KVKK's requirements for lawful and transparent data processing, explicit consent, and security measures. The KVKK applies to organizations established outside Turkey if they process personal data of individuals in Turkey. Data privacy violations may result in administrative fines, criminal sanctions, and civil liability. Fintech businesses must also adhere to cyber security regulations, including data protection and AI strategies. AML and financial crime requirements apply to crypto asset service providers.

The EU-US Data Privacy Framework received an adequacy decision by the European Commission on 6th July 2023. The decision allows the transfer of personal data between the EU and the US under certain requirements. However, concerns remain about the effectiveness and implications of the Framework. It follows previous agreements like Safe Harbor and Privacy Shield, which were invalidated by the CJEU due to concerns over US surveillance practices. Organizations must be vigilant about developments and adhere to data protection regulations for secure data transfers.

In the telecommunications sector, Turkey's Information and Communication Technologies Authority (ICTA) establishes and protects competition, imposing obligations on operators with market power. Predatory pricing and hindering competitors are prohibited. The ICTA conducts market analysis and can impose obligations and fines on operators. Unfair competition provisions apply to internet activities, including domain names and advertising. Media broadcasting content must not serve unfair interests, and measures prevent media monopolization. Social media influencers must comply with advertising guidelines. The Competition Authority collaborates with sectoral regulators, but its powers do not extend to overseeing other public institutions. Data security measures are mandated for telecommunications operators and ISPs. Cybersecurity measures exist, particularly for critical infrastructure sectors. Legislative reforms are expected, including amendments to the data protection law. TMT players should be aware of licensing requirements and consider the regulatory landscape.

In Turkey, telecommunications operators require permission from the ICTA to transfer shares of 10% or more and must inform the ICTA for transfers below 10%. Mergers and takeovers also require ICTA permission, and operators must comply with application requirements. The ICTA regulates interconnection, numbering, and allocation of frequencies. Universal service obligations include fixed telephony, emergency calls, basic internet, and more. Interconnection fees are determined by the ICTA. Number portability is available, and operators must provide it. Retail customer charges and terms are subject to regulation by the ICTA.

In Turkey, provisions for high-speed broadband are governed by the Electronic Communications Law. Net neutrality regulations are not specific, but non-discriminatory provision of electronic communication services is ensured. ISPs may block websites for specific crimes. The use of VPNs is not prohibited, but restrictions exist. ISPs are not liable for offending content unless they fail to block it. Digital platforms are regulated under various laws. Public broadcasters are governed by the TRT Law, and commercial broadcasters require licences from the RTSC. Competition regulations apply, and mergers/acquisitions require approval. Challenges include competition protection and fair practices.

Authorizations and licenses required for operating in the telecommunications, internet, media, and social media sectors vary. In telecommunications, two types of permissions are needed: notification to the ICTA and right-of-use authorization. Internet providers must notify the ICTA, while ISPs require ICTA authorization and membership in the Access Providers Association. Media providers must obtain broadcasting licenses from the RTSC. Social media services do not require specific licenses. The application process involves submitting necessary documents, and ongoing compliance is monitored. Penalties may be imposed for violations. Authorizations/licenses have different durations and can be renewed or transferred with regulatory approval.

The legal and enforcement framework for telecommunications, internet, media, and social media in Turkey is governed by various legislative and regulatory provisions. In the telecommunications sector, the Electronic Communications Law (5809) regulates the provision of services, infrastructure, equipment, and scarce resources. The Internet is governed by the Law on Regulation of Publications on the Internet (5651), along with other regulations and the recently introduced Anti-disinformation Law. Media is regulated by laws such as the Law on the Establishment and Broadcasting Services of Radio and Television Enterprises (6112), and social media falls under the supervision of the Information and Communication Technologies Authority (ICTA) and is subject to the Anti-disinformation Law. The key enforcement bodies are the ICTA, Ministry of Transport and Infrastructure, Radio and Television Supreme Council (RTSC), and the Competition Authority. Restrictions on foreign ownership and specific authorizations and licenses vary across these sectors.

Real estate tokenization is a thriving business model, offering fractional ownership, liquidity, and accessibility through blockchain technology. Properties are represented as digital tokens, either as ownership interests in a company or directly on the title deed registry. Tokens can provide additional rights like profit-sharing and voting. Legal considerations vary by jurisdiction, including licensing, data protection, and securities regulations. While Turkey's regulatory framework is evolving, it presents opportunities for real estate tokenization. Buyer protection, compliance, and informed decision-making are crucial. Advancements in technology and regulations, such as MiCA, hold promise for the future of real estate tokenization, increasing transparency and efficiency.

Ünsal Law Firm has announced that applications for the 2023–2024 legal internship period are now open.Ünsal Law Firm offers services in many practice areas and provides services to leading international and local private and listed companies, financial institutions, joint ventures, venture capital, priva...