Data Protection in Electronic Communications Sector Özgür Fatih AKPINAR Head of Consumer Rights Department 20, June, 2011
Content of the Presentation A few words Role of the NRA Legislation in Turkey By-Law on Personal Data Processing and Protection of Privacy in The Telecommunications Sector By-Law on Security of Electronic Communications Regulatory Experiences of the ICT Authority Breach of personal data: Unauthorized access to itemised bills Preventing unlawful processing of personal data : Anonymous SMS Exceptions for personal data processing: Emergency Calls Conclusion
A few words: One of the firms says that we have 1/3 of world populations personal data ranging from their bank accounts to GSM numbers.
A few words: Personal Information/Data: Any information related with natural and/or legal persons which can be defined directly or indirectly by using one or more elements of identity card number or physical, psychological, intellectual, economic, cultural and social identities or health related, genetic, ethnic, religious, family related and political information. Modification of the Constitution (2010) Article 20: Everybody can request protection of their personal data …..
Role of the NRA Since protection of personal data is a fundamental right, it is necessary for ICT Authority to regulate processing and protection of personal data. Why is it necessary?
Role of the NRA Is it the beginning or to the end?
Legislation Legislation in Turkey By-Law on Personal Data Processing and Protection of Privacy in the Telecommunications Sector enacted in 2004. By-Law on Security of Electronic Communications enacted in 2008.
Regulatory Experiences Regulatory Experiences of the ICT Authority show us if NRAs have provisions to protect consumers from processing of their personal data Communication with confidently, Either people or firms can benefit from processing of personal data, Restriction of calling and connected line identification If NRAs do not care processing of personal data What you are talking, Which parties you are communicating, Unsolicited communications, Somebody can communicate on behalf of you.
Unauthorized access to itemised bills-1 Newspaper named “Taraf”- It is argued that “Personal data of subscribers of one of the operators can be accessed by third parties.” A thouroughful investigation had been carried out, and 1.250.000 TL (almost $800.000) penalty was charged.
Unauthorized access to itemised bills-2 An argument about unauthorized access of former soccer player Rıdvan DİLMEN to call detailed record (CDR) of his former girl friend. A detailed investigation had been carried out, During the investigation, NRA also benefits from indictment of high courts, Police statements and written records. 13.000.000 TL (almost $9.000.000) penalty was charged.
Anonymous SMS Argument regarding presence of a security risk in one of the mobile operators’ network which makes it possible to send an SMS in the name of another subscriber, Precautions: Preventing SMS messages coming from abroad for the subscribers who are not using international roaming and Preventing SMS messages from international locations which are sent using an alfa-numeric identity.
Preventing presentation of Calling Line Identification (CLI) and right of blocking the call without CLI With the By-Law on Personal Data Processing and Protection of Privacy in The Telecommunications Sector Preventing the presentation of the calling line identification is a consumer right, however In such cases, called subscribers must be able to reject incoming calls where the presentation of the calling line identification has been prevented.
Processing of Location Data for Urgent call Location data can be processed for emergency call purposes without prior consent of the subscriber.
Conclusion Ensuring privacy of the personal data is crucial for; Subscribers, Creating secure communications environment and Achieving maximum benefit from electronic communications services. Hence it is necessary for NRAs and operators to cooperate with ensuring data privacy so as to describe the period as a beginning.
You can decide which one is correct. It is clear that it depends on NRAs performance.