Search
Close this search box.

December 21, 2023

Cyber Crime in Turkish Legal System

 

A.    INTRODUCTION TO REGULATIONS ON CYBER CRIMES IN THE TURKISH LEGAL SYSTEM

 

Some regulations have been made regarding cybercrimes with the New Turkish Criminal Code Numbered 5237 (“TCC”), which was published on 01.06.2005. Crimes committed through electronic/technological means are accepted as cyber crimes and put under sanctions. The subject study includes the provisions of the TCC, Legal evaluations on how to commit the crimes of Access to Data Processing System”, “Hindrance or Destruction of The System, Deletion or Alteration of Data”, “Improper Use of Bank or Credit Cards” and “The Crime of Using Banned Devices or Programs” and the sanctions to be applied in case of committing.

 

B.    THE SCOPE OF CYBER CRIMES AND PERSUADED LEGAL SANCTIONS IN THE TURKISH LEGAL SYSTEM

 

Although there is no legislation prepared specifically on cybercrime in the laws of the Turkish Republic, the provisions related to the cyber-crimes are added to our existing laws. Indeed, the legislation carried out in the field of informatics in Turkey; basically, it has been solaced with the laws, communique, and other regulations regulated by the European Union (“EU”). Although various regulations have been made in many countries regarding each cyber-crime separately; in Turkey, the only regulations in the scope of cyber-crime the provisions have been taken under in TCC.

 

With the regulations added to the TCC; the sanctions to be applied in criminal cases such as accessing the data processing system, blocking the data processing system, destroying the data processing system, effacing/ annihilation and/or changing data, and misuse of bank and credit cards.

 

1.     Access to Data Processing System

 

Article 243 of the TCC titled “Access to Data Processing System “;

 

“(1) Any person who unlawfully enters a part or whole of data processing system or remains there is punished with imprisonment up to one year, or imposed punitive fine.

 

(2) In case the offenses defined in the above subsection involve systems which are benefited against the charge, the punishment to be imposed is increased up to one half.

 

(3) If such an act results in deletion or alteration of data within the content of the system, the person responsible for such failure is sentenced to imprisonment from six months up to two years.

 

(4) Any person who unlawfully monitors data transfers within or between a data processing system or between data processing systems using technical means without accessing the system is punished with imprisonment from one to three years.”

 

If such types of crimes are encountered in our country, the crime in question can be evidenced by both technical examinations by authorized persons in the field of informatics and also with the witness statements according to the nature of the cyber-crimes and the way the crime occurs.

 

In addition to all of these, we would like to point out that, in Turkey, cyber-crimes are not among the crimes deemed to be “offenses prosecuted on the complaint” and/or “conciliation”, and in case of the victim’s waiver of their complaint it shall not prevent the investigation of the crime.

 

In our country, in addition to the crime of “accessing to data processing system”, “hindrance the data processing system, Hindrance or destruction of the data processing system, deletion or alteration of data in the system” has been regulated as a separate crime.

 

2.     Hindrance or Destruction of The System, Deletion or Alteration of Data

 

In article 244 of the TCK titled “Hindrance or Destruction of The System, Deletion or Alteration of Data”;

 

(1) Any person who hinders or destroys the operation of a data processing system is punished with imprisonment from one year to five years.

 

(2) Any person who garbles, deletes, changes, or prevents access to data, or installs data in the system, or sends the available data to other places is punished with imprisonment from six months to three years.

 

(3) The punishment to be imposed is increased by one half in case of commission of these offenses on the data processing systems belonging to a bank or credit institution, or public institutions or corporations.

 

(4) Where the execution of the abovementioned acts does not constitute any other offense apart from unjust benefit secured by a person for himself or in favor of third parties, the offender is sentenced to imprisonment from two years to six years, and also imposed a punitive fine up to five thousand days.

 

regulations are included.

 

In this provision, the phrase “destroying or changing data in the information system” should be understood; It is the hindrance, destruction, or modification of the data registered in the system by the beneficiary who is authorized to benefit from the information system. The meaning of the expression “blocking the information system or making it inaccessible” that; it prevents the beneficiary, who is authorized to use the system, from entering his/her own data processing system and/or makes that system inaccessible. In conclusion, what should be understood from the phrase “disrupting the data processing system” is; that it is to prevent or disrupt the functioning of the data processing system in accordance with its technical infrastructure. As stated in the regulations regarding other cybercrimes, the investigation and trial to be made with this crime are not subject to the complaint of the victim.

 

3.     Improper Use of Bank or Credit Cards

In addition to all these, the improper use of bank or credit cards within the framework of the principles of processing and protection of personal data within the scope of Electronic Communication Law numbered 5809 (“ECL”) in our country, counterfeiting, falsifying or obtaining them through other unlawful means is also a crime. Due to the ECL’s ” Improper Use of Bank or Credit Cards” article 245. According to thereto;

“(1) Any person who acquires or holds bank or credit cards of another person(s) whatever the reason is, or uses these cards without the consent of the cardholder or the receiver of the card, or secures benefit for himself or third parties by allowing the use of the same by others, is punished with imprisonment from three years to six years, and also imposed a punitive fine up to five thousand days,

 

(2) Any person who secures benefit for himself or third parties by using a counterfeit bank or credit card is punished with imprisonment from four years to seven years if the act executed does not constitute any offense other than forgery and also imposed a punitive fine up to ten thousand days,

 

(3) Any person who benefits themselves or another by using a counterfeit or falsified bank or credit card shall be sentenced a penalty of imprisonment for a term of four years to eight years and judicial a fina up to five thousand days, provided such act does not constitute a separate offense.

 

4.     The Crime of Using Banned Devices or Programs

Finally, crimes committed by using “prohibited devices or programs” are regulated separately in the TPC. Under thereto;

“A device, computer program, password or other security code; who manufacture, import, ship, transport, store, accept, sell, put on sale, the person who buys, gives to others or keeps, shall be punished with imprisonment from one year to three years and also imposed a punitive fine up to five thousand days.”

It has been decided to implement additional security measures following the provisions of other legislation of our country if a legal person gains an unfair advantage from all these cybercrimes, which we explained in detail above.

Within the scope of the regulations in the TCC and Turkish Law, information crimes are limited to the above. Situations such as “theft, fraud and other crimes against personal data not being committed” through information systems are regulated as qualified forms of these crimes.

C.    CONCLUSION OF CYBERCRIME IN TURKISH LEGAL SYSTEM

 

Per the provisions of the TCC mentioned above, which is quite common in practice today; changing e-mail passwords by third parties, changing some information by capturing information systems, changing passwords and contents on social media accounts or blocking access to these accounts, and committing qualified fraud crimes by using information systems are considered as cybercrimes by the TCC.

                                                                                              

Best Regards,

Kılınç Law and Consulting

Authors

Eren Can Ersoy

Eren Can Ersoy

Senior Lawyer