Information Technology Reference
In-Depth Information
95/46/EC. Statements were made during the sessions organized by the EU
Commission in January 2012 that the main obstacle in the path of the use of cloud
computing are worries about the data protection arising from the data protection laws
varying from country to country within EU, and that it was important that EU Council
and Parliament work on a new regulation as soon as possible. The current data
protection directive, 95/46/EC, falls short and/or bears uncertainties in terms of using
and providing new Internet services (cloud computing, social networking web sites etc.)
and this has led to the preparation of a new personal data protection draft directive
(reference no IP/12/46), which is a comprehensive reform in the data protection law, on
the basis of the preliminary projects started in 2010 [19]. This new personal data
protection draft, which includes reforms regarding possible risks of cloud computing,
was submitted for the approval of the EU Council and Parliament on 25 January 2012.
Topics related to cloud computing include: transfer of personal data between service
providers, clarification of the conditions under which personal data can be obtained,
"right to be forgotten" enabling a data subject to manage her/his online data protection
rights, informing a data subject at every stage of data processing, including information
about any security violations during the process [20].
3.3
Laws Regarding Cloud Computing in Turkey
As there is no law regarding the privacy of personal information and data protection in
cloud computing, the relationship between service providers and users is limited to
terms of service agreements and there is little legal recourse for the user in resolving
disputes stemming from the relationship with the service provider. The issue of personal
information privacy in general is addressed in Article 20 in the Turkish Constitution
(with the Annex in 2010) [21] and Article 135 and 136 in the Turkish Penal Code (TPC)
[22] within Turkish legislation. However, it is evident that the regulations in the
Constitution and TPC are not even at the protection level of data protection law which
has been in force within EU since 1998 and which is already thought to be insufficient
in the presence of new technologies. A choice of law or choice of forum that specifies
jurisdiction outside the borders of Turkey in the terms of service means that an
international and excessively costly legal struggle will be required in order to submit a
claim in the event of a dispute. In the event that choice of law (jurisdiction) is not
mentioned in the terms of service and servers of the service provider are located in a
different country; Article 12 and 13 of TPC [22], to which individuals may think of
referring, remain incapable of providing relief in the context of cloud computing.
Article 12 of TPC, which is based on the principle of protection of the injured party in
the event of criminal acts committed outside Turkey, stipulates that the offender, who
commits the illegal act abroad, should be within the borders of Turkey. Other illegal
acts committed abroad are mentioned in Article 13 of TPC. However, Article 13 is far
from being a settling article in terms of disputes about cloud as cybercrimes are not
included in the catalogue of crimes addressed in this Article.
Turkey is a party to important conventions established by the European Council in
order to protect personal information and individual rights. None of them, however,
have been put into effect by harmonizing them with the domestic law. Passing the
"Motion for Personal Data Protection", which will harmonize the Convention with the
Search WWH ::
Custom Search