KEY LEGAL DEVELOPMENTS
The Competition Authority concluded its investigation to determine whether there has been a violation of Article 4 of the Law No. 4054 on the Protection of Competition through indirect exchange of information by Fakir Elektrik Ev Aletleri Dış Ticaret AŞ, Vatan Bilgisayar San. ve Tic. AŞ and Teknosa İç ve Dış Tic. AŞ through conciliation procedure.
The Competition Authority initiated an investigation against Google under Article 6 of Law No. 4054 with the allegations that it shifted its online advertising power to other services through the Performance Max campaign, engaged in exploitative practices towards advertisers and distorted competition through data aggregation.
The Competition Authority initiated an investigation under Article 6 of Law No. 4054 as a result of the preliminary investigation into the allegations that Kariyer.Net abused its dominant position through data aggregation practices, pricing behavior and intensive advertising expenditures.
The Competition Authority concluded its investigation into certain undertakings operating in the ready-mixed concrete production sector in Ankara and determined that undertakings violated Article 4 of Law No. 4054 on the Protection of Competition. Consequently, administrative fines were imposed on the involved parties.
The Competition Authority initiated an investigation under Article 4 of the Law No. 4054 on the Protection of Competition, following a preliminary investigation into allegations that certain undertakings and associations of undertakings operating in the agrochemical and seed sectors engaged in anticompetitive practices such as competition-sensitive information sharing and employee non-solicitation agreements.
The Ministry of Trade announced that a total of 103 files, mainly advertisements for electric cars, were evaluated, 92 of these files were found to be in violation of the legislation, and it was decided to impose a total administrative fine of TRY 15,846,894 together with an advertisement suspension.
The Ministry of Trade announced that it established the Electronic Advertisement Verification System (EİDS) to prevent fake and deceptive vehicle advertisements published electronically and to combat advertisement pollution and unauthorized dealerships, and that it has started the application of identity and authorization verification in all vehicle advertisements as of 16 June 2025.
The Ministry of Trade announced that the sales and advertisement restrictions on second hand vehicle sales have been extended until January 1, 2026. The direct or indirect sale or marketing of second-hand automobiles, motorcycles and off-road vehicles will continue to be prohibited until 6 months and 6 thousand kilometers from the date of first registration.
The Capital Markets Board published Bulletins No. 2025/34 and 2025/35. The bulletins contain the results of applications for new activity permits, criminal complaints, administrative fines and other sanctions and measures.
The Central Bank of the Republic of Turkey published its press release on interest rates. Accordingly, the policy rate (one-week repo auction rate) was kept unchanged at 46%, while the overnight lending rate and the overnight borrowing rate were kept unchanged at 49% and 44.5%, respectively.
The Central Bank of the Republic of Turkey published the Press Release on the Macroprudential Framework. In this context, the target ratios for banks with low real person TL deposit ratios were increased and the required reserve ratio applied to the RRR accounts was raised from 33% to 40%.
OFFICIAL GAZETTE
The Presidential Circular on Accessibility of Websites and Mobile Applications was published in the Official Gazette dated June 26, 2025 and numbered 32587. Accordingly, it was decided to establish a Monitoring Commission within the Ministry of Family and Social Services to ensure equality in access to digital services.
The Regulation on General Rules for Building Damage Assessment after Disasters entered into force through publication in the Official Gazette dated June 23, 2025 and numbered 32934. Accordingly, the procedures and principles regarding the determination of building damages, announcement processes and demolition procedures were regulated.
The Resolution of the Personal Data Protection Board dated June 10, 2025 and numbered 2025/1072 was published in the Official Gazette dated June 26, 2025 and numbered 32938. Accordingly, general principles regarding personal data processing practices by sending a verification code via SMS during the provision of products and services were determined.
The General Communiqué of the Financial Crimes Investigation Board entered into force through publication in the Official Gazette dated June 28, 2025 and numbered 32940. The procedures and principles regarding the measures to be taken by crypto asset service providers within the scope of customer recognition measures for the implementation of the Law No. 5549 on Prevention of Laundering Proceeds of Crime were regulated.
DATA BREACH NOTIFICATION
The explanations in two (2) personal data breach notifications made to the Personal Data Protection Board are as follows:
- In the data breach notification submitted to the Board by TCO Turkey Mücevherat Ticareti Limited Şirketi, as the data controller, in summary; It was stated that between 12.05.2025-16.05.2025, unauthorized access was provided to the systems of Tiffany and Company, its US-based subsidiary, between 12.05.2025 and 16.05.2025, the breach was detected on 04.06.2025, the affected person group is the employees and customers of the data controller, the affected personal data may include name, contact information, title, usernames, hashed passwords and customer names, age, sales data and gender information.
- In the data breach notification submitted to the Board by BeiGene, Ltd. as the data controller, in summary; it was stated that a limited number of corporate files were uploaded to pastebin.com and swisstransfer.com platforms on June 16, 2025, that these files contain data related to the planning and follow-up of clinical studies, that a total of 467 people, including 17 employees and 450 patients from Turkey, were affected by the breach, and that the affected personal data categories are identity, contact and health information.
Discussion