- within Privacy topic(s)
- within Privacy, Intellectual Property and Insolvency/Bankruptcy/Re-Structuring topic(s)
Draft Law on Protection of Children and Young People in the Digital Environment ("Draft") was submitted to the Presidency of the Grand National Assembly of Turkey on January 7, 2026.
The Draft generally aims to protect children and young people from harmful content that negatively affects their development in the digital environment and imposes various obligations for different actors in the digital environment. If the Draft enters into force, digital content providers will be required to bring their content into compliance with the new law within six months of its effective date.
1) Responsibilities of Social Network Providers
Social media providers will be required to establish and maintain the necessary systems to verify users' ages. Biometric data obtained during this process must be used solely for verification purposes and must not be processed in any other way once the verification is completed. These actors will also be required to create special safety provisions for user groups that lack sufficient information and awareness about their rights regarding data processing and the risks and consequences they may face, in order to ensure that as little personal data as possible is processed, and to prevent its transfer to third parties.
Social network providers shall be obligated to take into account the age groups of their users when providing content, advertisements, and services, ensuring that elements such as user agreements and data policies are prepared in a clear and understandable manner, not presenting personal advertisements and implementing measures such as parental control applications. Social media providers that fail to comply with the measures specified in the proposal will be subject to administrative fines ranging from 1,000,000 Turkish lira to 5,000,000 Turkish lira. In the event of repeated violations, the operations will be suspended.
It may be said that the obligations imposed on social network providers by this Proposal, regarding the protection of children's personal data and age verification, align with the Children's Online Privacy Protection Act ("COPPA") and, in terms of regulating the restriction of digital content and personalized advertisements offered to children in addition to the aforementioned topics, the European Commission's "Guideline on Measures to Ensure a High Level of Privacy, Safety and Security for Minors Online ("Guideline"). In this context, should the Proposal be enacted, it will constitute an important step towards compliance with international regulations and recommendations.
2) Age and Time Restrictions, Digital Game Quotas, and Prevention of Virtual Gambling
If the Draft enters into force, digital content providers will be required to label their content according to appropriate age groups and implement mechanisms based on age and time restrictions. Time limits and restrictions on access to digital media during certain hours will be required for users under a certain age in online games and other digital media.
Game companies and other digital content producers are also placed under an obligation to take into account the holistic development of children in the content they offer.
Institutions with the right and authority to establish gambling activities under Law No. 5602 will also be required to establish the necessary age verification systems to prevent access by users under the age of 18. It may be said that, with respect to access to games of chance, the Proposal also aligns with the Guideline in terms of access to gambling activities, thereby ensuring progress in compliance with international regulations.
Platforms that fail to comply with these conditions will be subject to administrative fines ranging from 1,000,000 Turkish lira to 5,000,000 Turkish lira. In the event of repeated violations, they may face suspension of operations.
3) Duty to Inform Parents
Draft also requires social media and gaming platforms with users under the age of 18 to provide parents with weekly usage reports. If children access risky content, parents must be notified immediately. The proposal imposes a similar obligation to that under COPPA in this regard, but unlike COPPA, it also requires the immediate reporting of online activities where personal data is not processed. The proposal further emphasizes that the child's privacy must not be violated when preparing these reports and notifications.
4) Digital Security Authority
Digital platforms will be under the obligation to disclose a risk analysis report to the public explaining the effects to which children may be exposed and will send the data and reports they obtain to the Digital Safety Board within the Digital Safety Authority, which is planned to be established with Draft.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
