Law No. 5809
The Authority is authorised to inspect and monitor the compliance of operators and consequently has the right to impose, among others, the following sanctions:
- an administrative fine of up 3% of the operator’s net sales of the previous calendar year;
- the suspension of the operator’s authorisation, in the case of gross negligence;
- if the operator initiated its operations recently, an administrative fine from TRY 1,000 to TRY 1m, or other sanctions specified within the Law considering the circumstances applicable;
- the suspension of the operator’s operations temporarily or imposition of other tangible measures in the occurrence of cases as specified in the applicable regulations in effect prior to the incident.
Law No. 5651
As mentioned in our responses to “Key Obligations” above, collective usage providers must take the necessary measures to fight against crimes and detect the individual engaged in such criminal activity. Commercial collective access providers who violate this liability shall receive a warning, an administrative monetary fine and/or the suspension of their business operations for up to three days.
Law No. 5237
Various penalties for cybercrimes have been determined under the Law No. 5237. These are as follows:
Any person who unlawfully accesses, partially or fully, a data processing system, or remains within such system, shall be subject to a penalty of imprisonment for a term of up to one year or a judicial monetary fine.
Where the act defined in the paragraph above is committed in relation to a system that is only accessible upon the payment of a fee, the penalty shall be decreased by up to a half.
Where any data within any such system is deleted or altered because of this act, the penalty to be imposed shall be a term of imprisonment of six months to two years.
Any person who prevents the functioning of a data processing system or renders such system useless shall be subject to a penalty of imprisonment for a term of one to five years.
Any person who deletes, alters, corrupts, or bars access to data, or introduces data into a system or sends existing data to another medium shall be subject to a penalty of imprisonment for a term of six months to three years.
Where this offence is committed in relation to a data processing system of a public institution or establishment, bank, or institution of credit, then the penalty to be imposed shall be increased by a half.
Where a person obtains an unjust benefit for himself or another by committing the acts defined in the aforementioned paragraphs, and such acts do not constitute a separate offence, this person shall be subject to a penalty of imprisonment from two years to six years and a judicial fine of up to 5,000 days.
Any person who produces, imports, transfers, stores, accepts, sells, supplies for sale, purchases, gives to another person, or holds an equipment, computer program, password or other security code which was produced or created for committing abovementioned crimes or other crimes that could be committed by using information systems shall be subject to imprisonment of one to three years and judicial fine of up to 5,000 days.