KEY LEGAL DEVELOPMENTS
The Competition Authority initiated a preliminary investigation against undertakings operating in the maritime pilotage and towage sector with the allegations that they made it difficult for competitors to operate and closed the market to competing undertakings by entering into agreements restricting competition, with its decision dated 16.01.2025.
The Competition Authority concluded the investigation against Erikli Su ve Meşrubat Sanayi ve Ticaret AŞ and Pınar Su ve İçecek Sanayi ve Ticaret AŞ. As a result of the negotiations held on 24.04.2025, it was decided that both companies violated Article 4 of the Law No. 4054 on the Protection of Competition and an administrative fine was imposed.
The Competition Authority completed the preliminary investigation conducted against certain undertakings operating in the markets of raw milk purchase, milk feed sales and packaged milk and dairy products production and sales, and the Association of Packaged Milk and Dairy Products Industrialists' Association for allegedly violating Article 4 of Law No. 4054 through price fixing, market sharing and exchange of information sensitive to competition, and decided to open an investigation against the said undertakings.
The Turkish Competition Authority, with its decision dated May 20, 2025, initiated an investigation into undertakings operating in the MDF and particleboard sector on the grounds that they allegedly restricted competition by colluding in raw material procurement processes.
The Central Bank of the Republic of Turkey published its Annual Report for 2024. Accordingly, the year-end inflation rate was realized as 44.4%. In addition, FAST limits were increased in payment systems, international cooperation was strengthened and a total of 160.3 million₺ fines were imposed on 55 payment institutions.
OFFICIAL GAZETTE
The Ministry of Labour and Social Security amended the Communiqué on Workplace Risk Classification Regarding Occupational Health and Safety, published in the Official Gazette dated May 21, 2025, and numbered 32906. Revisions were made to the hazard classes listed in Annex-1 of the communiqué.
The Presidential Circular No. 2025/6 on the 2030 Industry and Technology Strategy was published in the Official Gazette dated 10.05.2025 and numbered 32896. Accordingly, the 2030 Industrial and Technology Strategy focuses on transforming Turkey's industrial and technology ecosystem into a structure that produces higher added value, is innovation-oriented, and has completed its digital and green transformation.
The Regulation Amending the Export Regulation was published in the Official Gazette dated 06.05.2025 and numbered 32892. Accordingly, the concept of electronic export was defined and included in the legislation for the first time, the application, approval, notification and sales periods regarding consignment export transactions were clarified, and the institutional expressions were harmonized.
The Insurance and Private Pension Regulation and Supervision Authority updated the monetary threshold for applications to the Insurance Arbitration Commission, as regulated under Article 30 of the Insurance Law, by way of a communiqué published in the Official Gazette dated May 21, 2025, and numbered 32906. Accordingly, the threshold for the binding effect of arbitral awards increased from ₺ 15,000 to ₺ 25,000.
DATA BREACH NOTIFICATIONS
The explanations in two (2) personal data breach notifications made to the Personal Data Protection Board are as follows:
Ø In the data breach notification submitted to the Board by Kullanatmarket Elektronik Pazarlama Ticaret A.Ş., which has the title of data controller, in summary; The breach, which took place between 30.09.2024 - 09.04.2025, was detected on 08.04.2025, the breach occurred as a result of a cyber attack through the management panel and web application components hosted on the e-commerce infrastructure provided by T-Soft, the relevant groups of people affected by the breach are customers and potential customers, identity (name, surname), contact (e-mail address, phone number, possible address information), customer transaction (order details, transaction history) and transaction security (IP address, username, etc. of user sessions) data were affected by the breach. information) data were affected by the breach, the number of data subjects affected by the breach has not yet been determined, and that data subjects can obtain information via the e-mail address of the data controller [email protected].
Ø In the data breach notification submitted to the Board by Tourama Tourism Seyahat ve Ticaret Anonim Şirketi, the data controller, in summary; the breach occurred on 29.04.2025 and was detected on the same day, the breach occurred through unauthorized access to the e-mails sent to the hotels for information purposes by taking advantage of a security vulnerability in a web application belonging to the data controller, the breach was detected when an unauthorized person sent an e-mail to the data controller that the system was infiltrated, that the relevant group of persons affected by the breach are customers, that first and last name data were affected by the breach, that the exact number of persons and records affected by the breach could not be determined, however, it was evaluated that some files on the e-mail server were leaked in an unauthorized manner and it was estimated that the e-mail server contained the first and last names of approximately 8.200 people's names and surnames were estimated to be on the e-mail server, and that the data subjects can receive information through the communication channels of the data controller.
Discussion