In Turkey, the Data Protection Law does not provide a definition for a third party; therefore, any individual or entity may be considered a third party. This creates a problem, especially in relation to transfers between data controllers and data processors, as there is no explicit provision in relation to data transfers between data controllers and data processors. As a result, any transfer of personal data from a data controller to a data processor may be interpreted as a transfer to a third party.
