Open menu
21Ocak2022

Decision of Turkish Data Privacy Authority Relating with Automobile Renting Industry

Decision of Turkish Data Privacy Authority Relating with Automobile Renting Industry

It is stated that as a result of the investigation of the Authority within the scope of the notices submitted to the Authority, the software provided by the software firms to the automobile renting companies and the negative experiences of the rent holders during their automobile rental period and the comments of the automobile rental companies for the next renting processes can be viewed by another automobile renting companies in the rental situation, and the lessor is not aware of the processing of this knowledge.

It is stated that once an evaluation is made case-by-case basis between the fundamental rights and freedoms of the person and the legitimate interests of the data controller, the blacklist application is applicable within the data controller company, but if the processed personal data is shared with the other firms, the fundamental rights and freedoms of the data subject will be violated, and commitment to the purpose, limitation and it has been evaluated that is incompatible with the principle of proportionality. In the Decision, it is also stated that the processing of personal data within the scope of the blacklist will prevent the data subject from exercising their rights since they cannot know other automobile renting companies that their personal data were shared with it.

What Are the Points to Be Considered By Data Controllers as of This Resolution?

It has been stated that if personal data is processed within the scope of the black list application in the automobile rental sector in violation of the Personal Data Privacy Law, the automobile rental company that has the control over the said data will be considered as a "joint data controller" with the software firms by the Authority.

It has also been stated that and administrative fine will be imposed on the data controllers who apply to blacklisting if the firms give up the illegal practices and if the necessary administrative and technical measures are not taken by the data controllers.

The Concept of Joint Data Controller

The concept of joint data controller which hasn't been defined in Turkish Personal Data Protection Law numbered 6698 but defined General Data Protection Regulation and stating that software companies are joint data controllers and are responsible for the data processing activities in the Decision for the first time.

Should you require any further details on the subject, you can visit our website VeriSistem® or contact your client representative via the link.

Yazar CottGroup Hukuk ve Mevzuat Ekibi, Kategori Personal Data Protection Law

  • Bordromat

  • Notification!

    The content in this article is for general information purposes only and belongs to CottGroup® member companies. This content does not constitute legal, financial, or technical advice and cannot be quoted without proper attribution.

    CottGroup® member companies do not guarantee that the information in the article is accurate, up-to-date, or complete and are not liable for any damages that may arise from errors, omissions, or misunderstandings that the information may contain.

    The information presented here is intended to provide a general overview. Each specific case may require different assessments, and this information may not be applicable to every situation. Therefore, before taking any action based on the information provided in the article, it is strongly recommended that you consult a competent professional in the relevant fields such as legal, financial, technical, and other areas of expertise. If you are a CottGroup® client, do not forget to contact your client representative regarding your specific situation. If you are not our client, please seek advice from an appropriate expert.

    To reach CottGroup® member companies, click here.

About The Author

/tr/mevzuat/item/kvk-kurumundan-arac-kiralama-sektoru-hakkinda-ilke-karari

Diğer Mevzuatlar