Intellectual Property, Information Technology & Cybersecurity

A Comparative Approach to Joint Controllers

Author: Defne Pırıldar

Introduction

The Personal Data Protection Law numbered 6698 (“PDPL”) introduces definitions for many concepts such as personal data, data controller, data processor and data subject. In terms of understanding and interpreting these concepts, secondary legislation, Personal Data Protection Authority (“Authority”) guidelines and Personal Data Protection Board (“Board”) decisions play a key role. On the other hand, the concept of “joint controller”, which is frequently brought up in data processing activities but not included within the scope of the PDPL, was considered and referenced for the first time by the Board with its decision dated 23/12/2021 and numbered 2021/1303. Although the PDPL’s definition of data controller does not exclude the possibility of joint controllers, the decision addressing this concept for the first time, is noteworthy. In this Newsletter, the concept of joint controller will be discussed with respect to European and Turkish data protection legislation.

Joint Data Controller in European Union Legislation
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“Directive”), which is a guiding source for the preparation process of the PDPL and shares many similarities with, defines data controller as a person who, alone or jointly with others, determines the purposes and means of data processing. With this definition, it is clearly regulated that data controller can determine the purposes and means of data processing alone or jointly with others, while under the PDPL, data controller is defined as a natural or legal person who determines the purposes and means of processing and is responsible for the establishment and management of the data recording system. Considering the definition by the PDPL, although it does not explicitly exclude such concept, it does not offer any clarification as regards to joint controllers...
 
< Back

Erdem & Erdem
 Turkey
TAGLaw
Member Profile
www.erdem-erdem.av.tr