The policy decision is related to the application of "black list" software, programs and applications to the car rental sector.
In the relevant decision, these softwares are designed as systems that allow a car rental company to open the data entered by itself to other car rental companies, therefore the data flow regarding the black list It has been concluded that a system providing / sharing has been created and the personal data of the persons renting a car are also shared mutually.
Since the car rental business is carried out within the scope of a contract between the parties in the decision, it is possible for the relevant personal data to be processed by the car rental companies within the scope of the processing condition in accordance with the 2nd paragraph of Article 5 of the Law, but the personal data being processed can be disclosed to other data controllers (other car rental companies) using the same software. constitutes the violation of fundamental rights and freedoms.
In the decision made by the Board, car rental companies and software companies are joint data controllers.
According to the decision, it is necessary to put an end to such unlawful practices and to take the necessary administrative and technical measures in the car rental sector according to the relevant articles of the law.
To reach the detailed version of the decision;
https://www.resmigazete.gov.tr/eskiler/2022/01/20220120-10.pdf
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.