Turkish Data Protection Board Decision: Confidentiality Obligations of Banks

24.01.2024

In its decision dated June 15, 2023 and numbered 2023/1050, the Turkish Personal Data Protection Board (“Board”) evaluated a complaint regarding a bank’s failure to fulfill a customer’s request to provide the transcript of the conversation between the bank’s customer representative and the customer.

In summary, the customer (“Data Subject”) argued that the bank (“Data Controller”) failed to provide information regarding the Data Subject’s stolen personal data, as their virtual card had been copied. In this regard, the Data Subject requested from the Data Controller the voice recording or the transcript of their conversation with the customer representative, in line with the data subject rights under the Personal Data Protection Law No. 6698 (“DPL”). However, in its defense, the Data Controller denied the Data Subject’s request and did not share the voice recording or the transcript of the conversation due to the provisions of the Banking Law No. 5411 (“Banking Law”) and the Regulation on Sharing of Secret Information (“Regulation”).

In this regard, the Board evaluated the facts of the case in line with the provisions of DPL, the Banking Law and the Regulation. While underlining the rights of the data subjects, including the right to demand for information as to if their personal data have been processed, the Board underlined that the data controllers are under the obligation (i) to finalize the data subjects’ requestsfree of charge, as soon as possible and within thirty days at the latest or (ii) to reject the data subjects’ requestsby explaining the reason and notify the data subject in writing or electronically. The Board determined that the Data Controller did not provide any response to the first inquiry by the Data Subject; and provided response to the second inquiry after the thirty day period.

Furthermore, within the framework of the Banking Law and the Regulation, the Board stated that the confidentiality obligation of the Data Controller requires not to provide “customer secrets” (natural and legal persons’ data after the establishment of a customer relationship with banks specific to banking activities) to third parties about the information and events obtained due to the commercial connection with the customer. On the other hand, this obligation does not prohibit disclosing the Data Subject’s own personal data within the scope of the rights of data subjects regulated under the DPL. The Board also mentioned that the data subject right to request information if their personal data have been processed, includes the right of access to such data.

Accordingly, the Board instructed the Data Controller to share with the Data Subject the transcript of the conversation between them and the customer representative by taking measures such as removing/masking the personal data of others,in line with the rights of data subjects regulated under the DPL.

This website is available “as is.” Turkish Law Blog is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this website, and in no event shall they be liable for any loss or damages.

SPK’dan e-Başvuru Zorunluluğu

CMB Deploys Electronic System for Submissions

Sermaye Piyasası Kurulu Tarafından Payların İlk Halka Arzı Öncesi Uyulacak Ön Şartlardaki Tutarların İndirimine İlişkin Kurul İlke Kararı Yayımlandı

Recent Changes Regarding the Determination of Companies Subject to Independent Auditing

Call Option Agreement on Shares of a Joint Stock Company

Bağımsız Denetime Tabi Şirketlerin Belirlenmesine Dair Karar

The Constitutional Court Decision on Legal Professional Privilege

Two-minute Recap of Recent Developments in Turkish Competition Law - March 2024

Two-minute Recap of Competition Law Matters Around the Globe – March 2024

Türkiye’s Green Transition Journey and Effects on Construction Sector

“Reasonable” Remedy Period

An Overview of FIDIC 2022 Reprint

Veri Koruması İçin Yöntemler: Anonimleştirme ve Psödönimleştirme Hakkında Bir İnceleme

Safeguarding Data: A Review of Anonymization and Pseudonymization

ÇSY Kapsamında Kişisel Verilerin Korunması Hukukunun Önemi

Anayasa Mahkemesi’nden 6325 Sayılı Hukuk Uyuşmazlıklarında Arabuluculuk Kanunu’nun Bazı Hükümlerinin İptaline İlişkin Yeni Karar

New Decision by the Constitutional Court on the Annulment of Certain Provisions of the Mediation in Civil Disputes Law No. 6325

Esin Litigation Quarterly | Issue 4 | March 2024

2024 Yılı İtibarıyla Perakende Ticaret Mevzuatında Neler Değişti?

Sadakat Programlarına İndirimli Satış Reklamı Yasağı!

Obligations under the Distance Contracts Regulation are Postponed

Kamu İhale Sözleşmelerinde Düşük Karbon Emisyonuna Sahip Yeşil Çimento Kullanımının Yaygınlaştırılmasına İlişkin Tebliğ Yayımlandı

Communiqué on the Promotion of the Use of Green Cement with Low Carbon Emission in Public Procurement Contracts has been Published

Şarj Hizmeti Ağlarında Konsolidasyon: Lisans İptalleri

Kurumsal Sürdürülebilirlik Özen Yükümlülüğü Direktifi (CSDDD) Onaylandı

Corporate Sustainability Due Diligence Directive (CSDDD) Approved

Yeşil Dönüşüm Yolunda: Çevre Etiketi Sistemi

Ödeme ve Elektronik Para Kuruluşlarının Asgari Özkaynak Miktarlarında Değişiklikler

Amendments Regarding Minimum Equity Amounts for Payment and Electronic Money Institutions

Dijital Türk Lirası’nda Faz-2 Çalışmalarına Başlandı

Technology Disruption in the Insurance Industry

Cyber Insurance

İklim Değişikliğinin Sigorta Sektörü Üzerindeki Etkisi

Türkiye's Geopolitical and Strategic Importance Regarding Counterfeiting Activities

Design Registration Application in Turkey: Things to Consider

Turkish PTO Will Handle Non-Use Cancellation Actions as of January 10, 2024

İşçinin Ölümü Halinde Kıdem Tazminatı ve Ölüm Tazminatı Taleplerinin Karşılaştırmalı Olarak Değerlendirilmesi

Non-competition Obligation - Intervention of the Judge

İş Sözleşmelerinde Rekabet Etme Yasağı

Türkiye İlaç ve Tıbbi Cihaz Kurumu Tıbbi Cihaz Sektör Belgesi Yayınlandı

Turkish Medicines and Medical Devices Agency Published the Industry Report on Medical Devices

Spor Müsabakalarına Dayalı Bahis ve Şans Oyunları

Remarkable Topics of Recent Times: Betting and Games of Chance on Sports Competitions

Advertising Board Published the Report on Supplementary Food Advertisements!

Convertible Investments in Türkiye

Türkiye’de Pay Opsiyon Planları ve Birleşme Devralmalara Etkileri

Employee Stock Option Plans and Effects on M&A Practices in Türkiye

Yayımlanan Yönetmelik ile Konutların Turizm Amaçlı Kiralanması

Konutların Turizm Amaçlı Kiralanması

Konut Kira Bedeli Artışlarında Azami Sınır

Anonim Şirketlerde Önemli Miktardaki Varlığın Satışı ve İlgili Tartışmalı Konular

Sale of Significant Assets in Joint Stock Companies and Related Contentious Issues

Adi Konkordatoda Alacaklılar Toplantısı

Türkiye’de Çalışan Pay Opsiyon Planları ve Yatırım Sürecindeki Etkileri

Yatırım ve Pay Devri İşlemlerinde Ara Dönem ve Kapanış Şartları

What is Convertible Debt as a Method of Quick Access to Finance?

Damga Vergisi Kanun Genel Tebliği (Seri No: 69) Hakkında Bilgi Notu

Information Note Regarding the General Communiqué on the Stamp Duty Law (Serial No: 69)

Anayasa Mahkemesi’nden Enflasyon Düzeltmesine İlişkin Önemli Karar

The AI Act: The World's First Comprehensive Laws to Regulate AI

AB’den Devrim Niteliğinde Düzenleme: Yapay Zekâ Yasası Onaylandı

Revolutionary Regulation from EU: AI Act is Approved

Regulation on Preventing Collision at Sea

Türkiye’de Deniz Kirliliği Cezalarına İlişkin Yeni Düzenleme

Current Pollution Administrative Fines

Şirket Yöneticilerinin Cezai Sorumluluğu

An Overview of Occupational Fraud 2024: A Report to the Nations by ACFE

Güneş Balçıkla Sıvanmaz!

Turkish Data Protection Board Decision: Confidentiality Obligations of Banks

Popular Articles on Data Protection & Privacy

Latest Insights from Özdağıstanli Ekici Attorney Partnership

Subscribe to our newsletter