Brand and reputation management is of utmost importance for any company. From a legal perspective, management of rights associated with brand and reputation entails both proactive and reactive measures. Proactive measures include all sorts of protection of intellectual assets, covering protection of IP rights such as trademarks, design and patents, and protection of IP assets without registration, such as copyright (non-registrable in Norway in opposition to the US), trade secrets and goodwill etc. Reactive measures are all about the legal ‘toolbox’ you have available if your right or brand, registered or not, is being (or threatened to be) infringed or misused. In this article we will give some insight into these aspects under Norwegian law. Continue reading “Brand and reputation management in Norway: proactive and reactive measures under Norwegian Law with a focus on trademarks”
Cross-border data transfer in Turkey: will the problems end?
Since the enactment of the Turkish Personal Data Protection Law No 6689 (the Law) in 2016, one of the most critical problems that in-house lawyers of both local and multinational companies face has become cross-border personal data transfers from Turkey. The government has a tendency to keep the data of Turkish residents in Turkey and, additionally, the government has not being recognised as a secure country by the European Union. The Personal Data Protection Board has reciprocated in this determination of the secure countries providing adequate level of protection, disregarding the transfer mechanisms envisaged under the Law and aggravating the already strict environment for the cross-border transfer of personal data.
Despite the Board’s strict stance with respect to cross-border data transfers, in practice, companies in Turkey largely relied on the provisions of the Council of Europe’s Convention No 108 of 1981 on the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) for data transfers to be made to European countries. However, the Board’s decision, published in September 2020, disregarded the implementation of the Convention 108 for such data transfers prompted private sector players to voice their concerns, which eventually led the Board to soften its approach and government to take action to resolve inconsistencies with the EU’s General Data Protection Regulation (GDPR). While the Board’s approach to the implementation of Convention 108 remains the same, it has signaled that amendments to the Law, in line with the provisions of the GDPR, will be necessary. Therefore, it can be inferred that the government is moving away from its strict stance towards a more liberal approach. In this regard, this article focuses on the legislative framework and how the Board’s practice has been shaped over time.
Legislative framework and practice
Although it is not as comprehensive as the GDPR, Article 9 of the Law envisages several mechanisms, which regulate how personal data may be transferred abroad:
- In the event that (i) the Board determines that the recipient country ensures an adequate level of personal data protection, and (ii) the conditions specified under the Law are deemed applicable, the related transfer operation is permitted to be performed. On the other hand, although the Board has been assigned to publish a list of countries providing an adequate level of protection, no country has been announced yet on the grounds of lack of reciprocity with other countries, especially in Europe. Therefore, this option is currently inapplicable.
- With the explicit consent of the data subject. Although this mechanism is provided as the first option and the Board mentioned it as a viable choice in practice, companies refrain from applying this mechanism as it may be impractical and unfeasible, since the data subjects’ preferences may change frequently and companies have to comply with their choices duly and without any delay.
- where the parties of the related cross-border transfer guarantee an adequate level of protection in writing (concluding undertaking or binding corporate rules (BCR) (BCR, which are adopted from the GDPR, are applicable to data transfers between multinational group companies)) and the approval of the Board on such transfer is obtained. The Board has published the matters that have to be taken into consideration while preparing the undertaking or BCR, as well as the templates to be used. The Board has required the companies to use the templates verbatim while applying for data transfer approval. While the uniform undertaking imposed on companies causes problems for companies – especially for multinational companies that are required to use their own agreements under any jurisdiction due their company policies – the fact that the Board has not granted any approval until recently has also shaken confidence in terms of the operability and effectiveness of this mechanism.
Recent developments
Considering the main mechanisms envisaged under the Law were not feasible for data controllers in practice, companies were forced to seek other options. As the Law also envisages that provisions of other laws concerning cross-border personal data transfers are reserved and international agreements concerning data transfers are prioritised, companies tend to use the special laws and international agreements as the lawful basis for their operations.
Although companies performing data transfers to European countries started to apply to Convention 108 as the lawful basis, the decision of the Board published in September 2020 shocked the private sector players as the Board declared that the Convention 108 is not a primarily applicable source of law for cross-border transfers. This is despite the fact that the Turkish Constitution recognises the priority of international agreements duly put into effect and concerning fundamental rights and freedoms. However being party to Convention 108 will be taken into consideration as a positive element in the adequacy decision.
As another mechanism was blocked by the Board, the only options remaining were unsustainable and non-business-friendly mechanisms requiring obtaining explicit consent of data subjects and the approval of the Board to a mutually signed transfer agreement. This did not seem possible as the Board had not granted one. As such, the pressure from companies on both the Board and the government increased and cross-border data transfer has become one of the most controversial issues of Turkish data protection law.
As the criticisms increased and the private sector’s pressure reached a not insignificant level, on 9 February 2021, for the first time, the Board has announced that an application of a company (TEB Arval) has received the Board’s approval. This was followed by the approvals of Amazon Turkey Perakende Hizmetleri Ltd Şti and Amazon Turkey Yönetim Destek Hizmetleri Ltd Şti on 4 March 2021, which indicated that the Board is signaling a moderate approach to liberating cross-border data transfers.
Nearing the end
Due to the unmanageably restrictive application of cross-border data transfer in practice, business flow is deeply affected, and therefore sector players are putting pressure on both the Board and the government. This has led to the ongoing work regarding the amendment of the Law’s cross-border data transfer provisions in accordance with EU acquis. Against this background, the Board published a public announcement on cross-border data transfers on 26 October 2020, which signalled their intention to harmonise the cross-border data transfer provisions of the Law with those of the EU. The announcement also sets forth that the principle of reciprocity is significant in the determination of safe countries. However, while bilateral negotiations continue in this regard, since Turkey is not yet recognised as a secure country by any foreign country or the European Union, significant delay may reasonably be expected in the announcement of secure countries.
Additionally, on 12 March, President Erdoğan introduced the Economic Reform Package, which puts forward that necessary amendments to bring the Law in line with the provisions of the GDPR will be made by 31 March 2022. Therefore, it is expected that the current strict transfer mechanism will be relaxed with the harmonisation of the provisions regarding cross-border data transfer, which will lead to an effectively functioning transfer regime compatible with the GDPR.
M&A and investment in the Indian insurance market – key drivers
India is the under-insured relative to other more developed economies and the Indian insurance market offers considerable growth opportunities. This has led to significant strategic and private equity investment in this sector in the past. Going forward, the growth story remains, but investment and M&A transactions will also be driven by certain critical regulatory issues summarised below. Continue reading “M&A and investment in the Indian insurance market – key drivers”
Insurance items on the board’s agenda for 2021
The past 12 months have been unprecedented on many fronts. Insurance is an important asset that can provide protection for organisations in challenging times and now that the proverbial ‘rainy day’ has arrived, in-house lawyers need to work closely with their risk managers and the business to maximise potential recoveries under the range of policies which may provide protection. This co-ordinated approach is more important than ever given the already challenging claims environment due to the hardening insurance market. Continue reading “Insurance items on the board’s agenda for 2021”
Malta as a leading pioneer in the fintech sphere
As one of the first jurisdictions to have actively encouraged, drafted and enforced regulation in the cryptocurrency sphere, Malta has in recent years, positioned itself as a leader in this sector. Continue reading “Malta as a leading pioneer in the fintech sphere”
Insurance and insolvency
The pandemic has plunged many previously healthy businesses into or close to insolvency, with serious implications for both the company itself and its commercial counterparties. In the middle of a crisis, it is easy to overlook insurance. Yet, by taking the right steps, corporates can use insurance to bring much-needed stability and liquidity. Continue reading “Insurance and insolvency”
Evolving imperatives
DAC Beachcroft’s survey with The In-House Lawyer, published in the Winter 2021 edition, was undertaken to identify boardroom priorities and how the experience of Covid-19 had changed them. Digital transformation took the leading position, with 43% of respondents saying it was the highest priority pre-Covid and 46% in the prevailing ‘Covid chronic’ time. Its importance was further underlined by nearly half of the senior in-house lawyers taking part saying that spending time on digital change would make the greatest single difference to the business. Continue reading “Evolving imperatives”
Stricter national security requirements to be imposed on businesses in Sweden
As countries and organisations are coping with increasing threats in cyberspace, the Swedish government is preparing stricter security requirements in the field of national security, in part targeting outsourcing. In this article, Henrik Nilsson and Carl Gleisner of Wesslau Söderqvist Advokatbyrå in Stockholm, Sweden summarise the changes of most concern for business partners of Swedish entities engaged in sensitive operations. Continue reading “Stricter national security requirements to be imposed on businesses in Sweden”
Doing business in Chile
This guide has been prepared by Albagli Zaliasnik with the objective of providing our domestic and foreign clients – as well as the law firms worldwide that may need assistance for their clients – with a precise tool that summarises the essential aspects for the formation and development of commercial activities in Chile. Continue reading “Doing business in Chile”
The Covid realignment
‘Insurance is in a perfect storm at the moment. After years and years of what we would call a soft market – characterised by overcapacity, with insurers competing on price and breadth of cover, leading to broad policy wordings and cheap product – a series of events, of which Covid is just one example, is now leading to a correction’, explains Herbert Smith Freehills partner Paul Lewis when discussing the wider effects of the Covid pandemic on the state of the insurance industry. Continue reading “The Covid realignment”
Insurance contract law in Sweden and practical challenges
Along with general development in society, the Swedish insurance market continuously develops. In recent years, new and more complex insurance products have emerged in order to meet the new demands of the increasingly sophisticated market. In this respect, the Swedish insurance market is greatly influenced and affected by the UK insurance market. New and creative insurance products emerging in the UK are often imported to Sweden. This development requires a legal system able to follow and correspond to its progress, something which is a challenge for Swedish insurance law. Continue reading “Insurance contract law in Sweden and practical challenges”
Doing business in Mexico
With a population of almost 130m, a rich cultural history and diversity, and abundant natural resources, Mexico is among the 15 largest economies in the world and the second largest economy in Latin America. The Mexican economy is based on a free market, open to international trade and foreign investment. As one of the most attractive foreign investment destinations, Mexico has a network of free trade treaties with more than 40 countries, as well as agreements for the mutual promotion and protection of investments. Continue reading “Doing business in Mexico”