Post on 18-Nov-2014
description
Data Protection in Electronic Communications Sector
Özgür Fatih AKPINARHead of Consumer Rights Department
20, June, 2011
Content of the Presentation
A few words
Role of the NRA
Legislation in Turkey By-Law on Personal Data Processing and Protection of Privacy in The
Telecommunications Sector By-Law on Security of Electronic Communications
Regulatory Experiences of the ICT Authority Breach of personal data: Unauthorized access to itemised bills Preventing unlawful processing of personal data : Anonymous SMS Exceptions for personal data processing: Emergency Calls
Conclusion
A few words:
One of the firms says that we have 1/3 of world populations personal data ranging from their bank accounts to GSM numbers.
A few words:
Personal Information/Data: Any information related with natural and/or legal persons which can be defined directly or indirectly by using one or more elements of identity card number or physical, psychological, intellectual, economic, cultural and social identities or health related, genetic, ethnic, religious, family related and political information.
Modification of the Constitution (2010) Article 20: Everybody can request protection of their personal data …..
Role of the NRA
Since protection of personal data is a fundamental right, it is necessary for ICT Authority to regulate processing and protection of personal data.
Why is it necessary?
Role of the NRA
Is it the beginning or to the end?
Legislation
Legislation in Turkey
By-Law on Personal Data Processing and Protection of Privacy in the Telecommunications Sector enacted in 2004.
By-Law on Security of Electronic Communications enacted in 2008.
Regulatory Experiences
Regulatory Experiences of the ICT Authority show us if NRAs have provisions to protect consumers from processing of their personal data Communication with confidently, Either people or firms can benefit from processing of personal data, Restriction of calling and connected line identification
If NRAs do not care processing of personal data What you are talking, Which parties you are communicating, Unsolicited communications, Somebody can communicate on behalf of you.
Current case in Turkey
Unauthorized access to itemised bills-1
Newspaper named “Taraf”- It is argued that “Personal data of subscribers of one of the operators can be accessed by third parties.”
A thouroughful investigation had been carried out, and
1.250.000 TL (almost $800.000) penalty was charged.
Unauthorized access to itemised bills-2
An argument about unauthorized access of former soccer player Rıdvan DİLMEN to call detailed record (CDR) of his former girl friend.
A detailed investigation had been carried out,
During the investigation, NRA also benefits from indictment of high courts,
Police statements and written records.
13.000.000 TL (almost $9.000.000) penalty was charged.
Anonymous SMS
Argument regarding presence of a security risk in one of the mobile operators’ network which makes it possible to send an SMS in the name of another subscriber,
Precautions:
Preventing SMS messages coming from abroad for the subscribers who are not using international roaming and
Preventing SMS messages from international locations which are sent using an alfa-numeric identity.
Preventing presentation of Calling Line Identification (CLI) and right of blocking the call without CLI
With the By-Law on Personal Data Processing and Protection of Privacy in The Telecommunications Sector
Preventing the presentation of the calling line identification is a consumer right, however
In such cases, called subscribers must be able to reject incoming calls where the presentation of the calling line identification has been prevented.
Processing of Location Data for Urgent call
Location data can be processed for emergency call purposes without prior consent of the subscriber.
Conclusion
Ensuring privacy of the personal data is crucial for;
Subscribers, Creating secure communications environment and Achieving maximum benefit from electronic communications
services.
Hence it is necessary for NRAs and operators to cooperate with ensuring data privacy so as to describe the period as a beginning.
You can decide which one is correct.
It is clear that it depends on NRAs performance.
Thank You