Does the New Turkish Social Network Provider Regulation Provide a Right to Be Forgotten?
What is the Right to be Forgotten?
The “Right to be Forgotten” is a right that has been a topic of discussion in EU countries and internationally for a long time, though it has no clear definition yet in most jurisdictions.
However, the ruling that turned this right into a hot debate topic was Google Spain v. Costeja, which was examined before the European Court of Justice in 2014. In the case, applicant Mario Costeja Gonzalez’s properties were put up for auction in 1998 due to the deterioration of his financial situation. Gonzalez, who searched for his name on the Google search engine in 2010, noticed that the newspaper advertisement regarding this auction still appeared in the search results. Mr. Gonzalez, also a lawyer, who healed his financial situation after that incident, applied to Google on the grounds that his personal reputation was damaged due to the content associating his name with the auction that is no longer relevant. However, his request was rejected by Google. The ruling given by the European Court of Justice in response to Mr.
Gonzalez’s application has been the cornerstone of many regulations made today. In the reasoning of the decision, it was stated, an Internet search engine operator is responsible for the processing of personal data it carries out that appears on web pages published by third parties, and under certain circumstances, individuals can ask search engines to remove links to web pages containing personal data.
The decision is binding for all search engines operating in the European Union countries when the information is “inaccurate, inadequate, irrelevant or excessive in relation to the purposes of the processing.” This decision led to seeking ways to a broader application of the right in European countries such as France. The French National Informatics and Freedoms Commission (CNIL) imposed an administrative fine on Google on the grounds that the
geo-blocking application to block access to content is not sufficient and that access must be prevented globally. The request for extraterritorial application of the right to be forgotten created a strong reaction among advocates of freedom of expression and access to information. Later, the European Court of Justice ruled that Google and other search engines have no obligation to apply the European Right to be Forgotten globally, thus ending the discussion on the necessity of extraterritorial application of the right.
How Do the European General Data Protection Regulation and Turkey’s Law on the Protection of Personal Data Regulate the Right to Be Forgotten?
Article 17 of the European General Data Protection Regulation, which entered into force in 2018, sets forth a “Right to Delete” in terms of personal data. Although the right to be forgotten is not defined separately, it has been evaluated within the scope of the obligation to delete, and it is stipulated that individuals can exercise this right in cases where the purposes and/or conditions of collecting or processing personal data are no longer necessary. However, the article sets forth some exceptions to the exercise of this right. Therefore, this right cannot be exercised in terms of data processed for the following situations;
- For exercising the right of freedom of expression and information;
- For compliance with a legal obligation;
- For the performance of a task carried out in the public interest;
- For reasons of public interest in the area of public health;
- For archiving purposes in the public interest, scientific or historical research; purposes or statistical purposes;
- For the establishment, exercise or defence of legal
In Turkish legislation, this right is not explicitly regulated as a ‘Right to be Forgotten,’ but individuals have been given the right to delete personal data under Article 7 and 11 of the Law No. 6698, the Law on the Protection of Personal Data. The right to delete has also been established in Article 20, Paragraph 3 of the Constitution of the Republic of Turkey as, “Everyone has the right to request the protection of his/her personal data. This right includes being informed of, having access to and requesting the correction and deletion of his/her personal data, and to be informed whether these are used in consistency with envisaged objectives.”
As stated in the June 23, 2020 dated decision of the Turkish Personal Data Protection Authority, titled, “Requests for Delisting the Results of Searches from Search Engines Concerning Name and Surname of Persons,” in the evaluation of the requests, a balance test is required between the fundamental rights and freedoms of the relevant person and the interests of the public to access to the said information. Therefore, it will be determined which of the competing interests outweighs, and when making this assessment, it will be examined primarily within the framework of the criterias determined by the authority, but each request will be examined within its special circumstances. In the decision, it is also stated that individuals may first assert their requests to search engines, and if the search engine rejects the request, they can appeal the decision to the Authority.
Do the amendments made in the Law No. 5651 on the Regulation of Publications on the Internet and Combating Crimes Committed by Means of Such Publication provide a right to be forgotten?
The law that sets forth several amendments to the existing regulations concerning social network providers, which has been one of the pressing issues of Turkey’s agenda recently, will come into force on October 1, 2020. Although the text of the law does not explicitly refer to the right to be forgotten, individuals have been given the opportunity to apply to the Criminal Judgeship of Peace for the blocking or removal of the content on the grounds of violation of their personal rights and privacy. Within the scope of these requests, the necessary notification could be made to the search engines by a court decision so that the names of the applicants are not associated with the websites that are found to be violating personal rights and privacy.
