ANKARA —The cybersecurity bill, currently under debate in the Turkish Parliament, is raising concerns among opposition parties, lawyers and journalists alike. The proposal is seen as a significant threat to fundamental rights, including freedom of expression, press freedom, privacy and data protection.

In Turkey, reports of ministry data breaches and the theft of millions of citizens’ personal information periodically surface, raising concern. One of the largest data breaches occurred in 2023 when it was reported that the personal data of 85 million citizens was collected from e-Devlet, a web-based system that provides Turkish citizens and residents access to online government services.

While the relevant ministries do not provide the public with satisfactory statements in such cases, the Presidency's Directorate of Communications Disinformation Center often dismisses the reports as simply untrue.

However, the Turkish Parliament's discussions on Jan.15 regarding the 21-article cybersecurity law proposal indicate the government is taking proactive steps to bolster the country’s data security despite authorities’ dismissal of reported data breaches.

The law proposal, now on the agenda, is being discussed by the National Defense Commission, which operates under the Turkish Parliament. The law aims to establish a Cybersecurity Board to develop national cybersecurity strategies and implement measures to protect public institutions against cyberattacks.

Pres. Recep Tayyıp Erdoğan will chair the Board and will include key ministers, such as the Head of the National Intelligence Organization, the Head of the Defense Industry and the Head of Cybersecurity along with other various ministers.

Under the proposed cybersecurity bill, officials would gain the authority to request police searches as well as data copying and seizure operations in residences and workplaces. Such request orders would be given by either a prosecutor or chairman of the board in cases where delay could pose a threat to national security, public order or actions that would prevent a cyberattack.

Additionally, anyone who carries out cyberattacks on critical elements of the Turkish Republic or who stores data obtained from such an attack will face imprisonment ranging from eight to 10 years.

Criticism of the bill

While all political parties generally agree such a law is needed to help protect national and individual data privacy, opposition members criticize the new proposal’s legal framework and are concerned about the potential infringement of constitutional rights.

Speaking to Turkey recap, Özgür Ceylan, the commission spokesperson of the Republican People's Party (CHP), the main opposition party, stated the law proposal contains great risks and threats in terms of protecting fundamental rights and freedoms. He said this is especially the case for freedom of expression and the press, the right to privacy and the right to protection of personal data.

He argued that the regulation is open to arbitrary implementation and sanctions, as it uses vague and uncertain terms such as ‘cyber threat’, ‘cyber incident’, ‘data leakage’, and ‘perception operation’.

Ceylan added one of the most concerning elements of the proposal is the provision that imposes a prison sentence of two to five years for ‘those who carry out activities to target organizations or individuals in cyberspace by creating the perception that there has been a data leak when there has been no data leak.’

Ceylan went on, saying the provision is designed to intimidate groups essential for democratic oversight, such as press and broadcasting organizations, journalists, non-governmental organizations and human rights defenders.

"In a situation where critical views and the right to inform the public are already faced with the risk of arbitrary punishment, this regulation will pave the way for them to go one step further,” Ceylan told Turkey recap.

“In this context, posts claiming data leaks or breaches of cybersecurity that closely concern the public could be targeted. Individuals' ability to express themselves freely may be restricted, and people who report data breach claims may be tried under this crime – foreseeing heavy penalties," he added.

Two commission members with the AKP declined Turkey recap’s requests for comment.

Legal experts express similar concerns

Ankara lawyer Şaziye Aksu, an expert in the field of information law, agreed with the concerns.

Speaking to Turkey recap, she said the regulation is detrimental to freedom of information and fundamental rights such as the right to privacy and freedom of expression.

Aksu likened the regulation to Article 217 of the Turkish Penal Code, which is publicly known as the Censorship Law, regulating the 'Crime of Publicly Spreading Misleading Information', which has led to the prosecution of numerous journalists throughout the country since its implementation in 2017.

The content and justifications of the provisions in the new proposal are most likely deliberately left vague, suggested Aksu. The regulation addresses data collection and processing in cases deemed necessary, which is a very risky situation.

“First of all, it grants the authority to search and seize to a person who is not a member of the judiciary. It delegates a power that should be exercised by a judge to the head of the institution and the limits of this authority are not explained, which puts this proposal in conflict with both the Constitution and the Code of Criminal Procedure.”

Noting the regulation’s numerous uncertainties, Aksu expressed concern that it may lead to situations where news sources and confidential documents meant to remain anonymous become exposed, forcing journalists to reveal their sources.

Aksu said she feared both citizens and journalists will have to self-censor the statements they intend to make, greatly restricting the area of freedom.

“The news generated by journalistic activity could be interpreted as shaping perception and could potentially lead to criminal sanctions against the journalist,” she told Turkey recap.

Support us

Turkey recap is an independent, reader-supported newsletter that helps people make sense of the fast-paced Turkey news cycle. Contact us: info@turkeyrecap.com.

Subscribe here on Substack (or on Patreon for a student discount). Paid subscribers get full access to our recaps, reports, members-only chat and news tracking tools.

Turkey recap is produced by our staff’s non-profit association, KMD. We are an affiliate of the Global Forum for Media Development and aim to create balanced news that strengthens local media by supporting journalists in Turkey.

Diego Cupolo, Editor-in-chief

Emily Rice Johnson, Deputy editor

Azra Ceylan, Economy reporter