Smartwatches have undeniably revolutionized our lives in the past decade. Apart from their core function as a timepiece, these wearable computers packaged in the form of a watch enable us to answer incoming calls, reply to messages and skim through social media notifications in seconds. Their steady rechargeable lithium-ion battery enables them to measure our heart rate, blood pressure, sleeping patterns, exercise routine, and even our calorie consumption and show daily reports on their touchscreen. However, as these devices carry on with their routine body-monitoring activities, questions regarding their compliance with data protection laws and cyber-security protocols began to arise. Have these devices turned from fashionable wearable computers to devices that collect personal data for commercial purposes?
This article aims to provide a brief evaluation of smartwatches’ data processing activities within the scope of Turkish data protection legislation.
General Data Processing Principles under Turkish Legislation
On 7 April 2016, after continuous efforts to align its national legislation with the European Union acquis, Turkiye adopted its first comprehensive data protection legislation with Law on Personal Data Protection No.6698 (“TDPL”). The TDPL has many similarities with EU Directive 95/46/EC, the predecessor of the Directive on General Data Protection Regulation (GDPR), and sets main data processing principles and obligations for data controllers.