MOBILE MARKETING ASSOCIATION TO BUILD MOBILE PRIVACY GUIDELINES FOR THRIVING MARKETPLACE (DECEMBER 2010)

The MMA (Mobile Marketing Association) today announced the launch of an initiative focused on the development of a comprehensive set of mobile privacy guidelines to complement its already well-established Global Code of Conduct. The objective of these guidelines is to address the growing need for marketers and consumers to have a transparent, accepted understanding as to how consumer information is collected and used for the purposes of relevant value exchange within a mobile marketing context and across market sectors.

“The launch of this initiative shows the MMA’s and Mobile industry’s ongoing commitment to the importance of consumer transparency with regards to privacy issues and data collection,” said Greg Stuart, Global CEO of the MMA. “The industry recognizes that in order for marketers and publishers to responsibly and sustainably engage consumers through and with the mobile channel, we need to continuously update how we address the collection, management and use of personal data or related consumer information.”

The MMA is calling upon leaders across the mobile ecosystem, including media companies, mobile carriers, marketers, agencies and media technologies, to join in this effort by participating on its Privacy Committee. This will also be an important point of discussion at the MMA’s Consumer Best Practices (CBP) Public Forum on January 26, 2010 in Boca Raton, Florida. The CBP meeting is the MMA’s annual forum that facilitates an open dialog around the mobile marketing industry’s consumer-engagement, self-regulatory principles and guidelines, including best practices for messaging, mobile web, applications, advertising, commerce and privacy.

The MMA’s privacy initiative, led by Alan Chapell, president of Chapell & Associates and Co-Chair of the MMA Privacy Committee, hopes to establish a common framework that marketers and media companies can use to engage consumers through and with mobile. These deliverables will help marketers and media companies understand how to appropriately engage consumers directly through the eight mobile media paths (SMS, MMS, Email, Voice, Applications, Mobile Internet, Content and Proximity channels) and with mobile when used in a traditional media context across various market sectors, such as consumer packaged goods, retail, financial services and healthcare.

“As an emerging industry, there’s a significant opportunity in the mobile space for all participants to proactively embrace the concept of ‘privacy by design,’” said Chapell. “I applaud the MMA for taking the initiative on these important issues.”

Individuals and organizations interested in collaborating with the MMA on these efforts should contact the MMA at commitees@mmaglobal.com.

Hosted by the MMA’s CBP Committee, the CBP Guidelines provide measures of acceptable and unacceptable practices. Frequently updated, these Guidelines set the industry standard for cross-carrier mobile content services, such as text messaging (SMS), multimedia messaging (MMS), email, shortcode programs, Interactive Voice Response (IVR), mobile web, proximity channels and applications.

To attend the CBP forum, please register at http://mmaglobal.com/CBP-2011.


About the Mobile Marketing Association (MMA)
The Mobile Marketing Association (MMA) is the premier global non-profit trade association representing all players in the mobile marketing value chain. With more than 700 member companies, the MMA is an action-oriented organization with global focus, regional actions and local relevance. The MMA’s primary focus is to establish mobile as an indispensable part of the marketing mix. The MMA works to promote, educate, measure, guide and protect the mobile marketing industry worldwide. The MMA’s global headquarters are located in the United States and it has regional chapters including North America (NA), Europe, Middle East and Africa (EMEA), Latin America (LATAM) and Asia Pacific (APAC) branches. For more information, please visit www.mmaglobal.com.

ELECTRONIC SIGNATURE - COMMUNIQUÉ

Saturday, 18 December 2010
Official Gazette (Resmî Gazete)
Number: 27789

COMMUNIQUÉ

From the Information and Communication Technologies Authority (Bilgi Teknolojileri ve İletişim Kurumu):

COMMUNIQUÉ AMENDING THE COMMUNIQUÉ ON PROCESSES AND TECHNICAL CRITERIA REGARDING ELECTRONIC SIGNATURES

ARTICLE 1 – The last paragraph of Article 6, titled “Algorithms and Parameters”, of the Communiqué on Processes and Technical Criteria Regarding Electronic Signatures, published in the Official Gazette dated 6/1/2005 and numbered 25692, has been amended as follows.

“The algorithms and parameters specified above are valid until 31/12/2011.”

ARTICLE 2 – This Communiqué enters into force on the date of its publication.

ARTICLE 3 – The provisions of this Communiqué are executed by the Chairman of the Information and Communication Technologies Board.

Report on "Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites"

The Berkman Center for Internet & Society is pleased to announce a new report on the impact of distributed denial of service (DDoS) attacks on human rights and independent media sites.

"Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites" by Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York, and John Palfrey
http://cyber.law.harvard.edu/publications/2010/DDoS_Independent_Media_Human_Rights

Overview:


Distributed Denial of Service (DDoS) is an increasingly common Internet phenomenon capable of silencing Internet speech, usually for a brief interval but occasionally for longer. In this paper, we explore the specific phenomenon of DDoS attacks on independent media and human rights organizations, seeking to understand the nature and frequency of these attacks, their efficacy, and the responses available to sites under attack. Our report offers advice to independent media and human rights sites likely to be targeted by DDoS but comes to the uncomfortable conclusion that there is no easy solution to these attacks for many of these sites, particularly for attacks that exhaust network bandwidth.


For more information about the Berkman Center's research on DDoS, please visit: http://cyber.law.harvard.edu/research/ddos

European Parliament resolution of 15 December 2010 on the impact of advertising on consumer behaviour (2010/2052(INI))

The European Parliament,

– having regard to Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the internal market(1) (UCPD),

– having regard to Directive 2006/114/EC of the European Parliament and of the Council of 12 December 2006 concerning misleading and comparative advertising(2) (MCAD),

– having regard to Directive 2010/13/EU of the European Parliament and of the Council of 10 March 2010 on the coordination of certain provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual media services (Audiovisual Media Services Directive or AMSD)(3),

– having regard to Regulation (EC) No 2006/2004 of the European Parliament and of the Council of 27 October 2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws (Consumer Protection Cooperation Regulation)(4),

– having regard to the Charter of Fundamental Rights of the European Union(5), in particular Articles 7 (respect for private and family life) and 8 (protection of personal data) thereof,

– having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(6),

– having regard to Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector(7),

– having regard to Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce in the Internal Market(8),

– having regard to its resolution of 9 March 2010 on consumer protection(9),

– having regard to its resolution of 9 March 2010 on the Internal Market Scoreboard(10),

– having regard to its resolution of 13 January 2009 on the transposition, implementation and enforcement of Directive 2005/29/EC concerning unfair business-to-consumer commercial practices in the internal market and Directive 2006/114/EC concerning misleading and comparative advertising(11),

– having regard to its resolution of 18 November 2008 on the Consumer Markets Scoreboard(12),

– having regard to its resolution of 3 September 2008 on how marketing and advertising affect equality between women and men(13),

– having regard to the Commission communication of 28 January 2009 entitled ‘Monitoring consumer outcomes in the single market: Second edition of the Consumer Markets Scoreboard’ (COM(2009)0025) and the accompanying Commission staff working document entitled ‘Second Consumer Markets Scoreboard’ (SEC(2009)0076),

– having regard to the Commission staff working document of 29 March 2010 entitled ‘Consumer Markets Scoreboard – Consumers at Home in the Internal Market: Monitoring the integration of the retail Internal Market and Benchmarking the Consumer Environment in Member States’ (SEC(2010)0385),

– having regard to the report entitled ‘Consumer protection in the internal market’, published by the Commission in October 2008 (Special Eurobarometer 298),

– having regard to the analytical report entitled ‘Attitudes towards cross-border sales and consumer protection’, published by the Commission in March 2010 (Flash Eurobarometer 282),

– having regard to the European approach to media literacy in the digital environment (COM(2007)0833),

– having regard to the Commission guidelines on the application of the Unfair Commercial Practices Directive (SEC(2009)1666),

– having regard to Opinion 2/2010 on online behavioural advertising, adopted by the Article 29 Data Protection Working Party on 22 June 2010,

– having regard to Opinion 5/2009 on online social networking, adopted by the Article 29 Data Protection Working Party on 12 June 2009,

– having regard to the communication from the French National Commission for Information Technology and Civil Liberties (CNIL) of 5 February 2009 entitled ‘La publicité ciblée en ligne’ (‘Targeted online advertising’),

– having regard to Rule 48 of its Rules of Procedure,

– having regard to the report of the Committee on the Internal Market and Consumer Protection and the opinion of the Committee on Women's Rights and Gender Equality (A7-0338/2010),

A. whereas advertising fosters competition and competitiveness, is likely to limit abuses of dominant positions and encourages innovation in the internal market, and consequently benefits consumers, particularly by increasing the range of choice, lowering prices and providing information on new products,

B. whereas advertising constitutes an important and often crucial source of funding for a dynamic and competitive media landscape and actively contributes to a diverse and independent press in Europe,

C. whereas some advertising practices may nevertheless have a negative impact on the internal market and on consumers (owing to unfair practices, intrusion into public spaces and the private arena, targeting of individuals, entry barriers and distortion of the internal market),

D. whereas it is still necessary to combat unfair commercial practices in the advertising field, as Special Eurobarometer 29 makes it clear that they are still common,

E. bearing in mind the significant impact on advertising of the development of communications media, particularly through development of the internet, social networks, forums and blogs, the rising mobility of users and the rapid growth of digital products,

F. whereas in view of a degree of consumer fatigue at the proliferation of advertising messages there is a temptation today to use the new communications technologies to disseminate commercial messages even when they are not clearly designated as such and are thus likely to mislead consumers,

G. whereas the development of new advertising practices online and via mobile devices is generating a range of problems that need dealing with in order to safeguard a high level of protection for users,

H. whereas online advertising plays an important economic role, particularly by financing free services, and whereas it has grown exponentially,

I. bearing in mind that the development of targeted (contextual, personalised and behavioural) advertising, supposedly tailored to internet users’ interests, constitutes a serious attack on the protection of privacy when it involves tracking individuals (through cookies, profiling and geolocation) and has not first been freely and explicitly consented to by the consumer,

J. whereas the personalisation of advertising messages must not lead to the development of intrusive advertising infringing legislation on the protection of personal data and privacy,

K. whereas groups of people who are particularly vulnerable because of their mental, physical or psychological infirmity, age or credulity – such as children, teenagers, the elderly or certain people made vulnerable by their social and financial situation (such as those with excessive debts) – need special protection,

L. recognising that there is still a lack of information on the precise socio-psychological effects of new, more pervasive and more widespread forms of advertising, particularly in respect of the position of those who cannot afford to buy the goods and services promoted by these advertisements,

M. whereas the specific nature of certain products – such as tobacco, alcohol, medicines and online gambling – calls for proper regulation of internet advertising with a view to avoiding abuses, dependence and counterfeiting,

N. bearing in mind that advertising can act as a powerful catalyst in combating stereotypes and prejudices based on racism, sexism and xenophobia,

O. bearing in mind that advertising often transmits biased and/or derogatory messages which perpetuate stereotyped prejudices regarding gender, thereby undermining equality strategies aimed at eradicating inequalities,

Evaluation of the existing legislative and non-legislative framework

1. Maintains that the Unfair Commercial Practices Directive provides an essential legal framework for combating misleading and aggressive advertising, in relations between companies and consumers; recognises that although it is not yet possible to undertake a comprehensive evaluation, several difficulties with implementation and interpretation are already apparent (especially regarding the new, more pervasive forms of advertising), as demonstrated by European Court of Justice judgements ruling against existing national measures for going beyond the provisions of the Unfair Commercial Practices Directive, which may call into question the efficacy of the Directive;

2. Emphasises that differences in its interpretation and implementation at national level have precluded the desired level of harmonisation, creating legal uncertainty and undermining cross-border trade in the single market;

3. Calls on the Commission to update, clarify and strengthen its guidelines on the implementation of the Unfair Commercial Practices Directive on a very regular basis and ensure that they are translated into the EU's official languages, and calls on the Member States to take those guidelines into account as far as possible;

4. Welcomes the Commission's intention of finalising and publishing in November 2010 a database of national measures adopted to transpose the Unfair Commercial Practices Directive, the applicable case law and other relevant documents;

5. Recalls that the scope of the Unfair Commercial Practices Directive is limited to business-to-consumer relations while the Misleading and Comparative Advertising Directive deals with business-to-business relations; underlines that certain entities do not fall within the scope either of the Unfair Commercial Practices Directive or of the Misleading and Comparative Advertising Directive, such as NGOs or interest groups; therefore calls on the Commission to conduct a separate analysis of the impact of misleading advertising practices targeting those categories apparently not covered by either Directive; calls on the Member States to improve coordination between themselves and to provide adequate solutions for those categories that have been subjected to intra-EU cross-border misleading advertising practices;

6. Welcomes the joint investigations undertaken by the Member States (‘EU sweeps’); calls for further such investigations, the scope of which should be broadened; calls on the Commission to report to Parliament results of the sweeps and prepare, if necessary, further steps to improve the internal market for consumers;

7. Calls on the Member States to provide the competent national authorities with the necessary financial, human and technological means and resources for their effective action; urges the Commission, on the basis of the Consumer Protection Cooperation network experience, to further facilitate the cooperation between national authorities and improve the effectiveness of their control;

8. Asks the Commission to prepare an analysis of the obligations and control functions of the national consumer authorities and to share best practices so as to improve the effectiveness of their work;

9. Calls on the Commission to extend the scope of Regulation (EC) No 2006/2004 to include counterfeiting and illegal products, and to boost the exchange of information between Member States under that Regulation, so as to improve the fight against fraud connected with illegal advertising;

10. Considers the practice of self-regulation as a dynamic, flexible and responsible adjunct to the existing legislative framework; suggests that those Member States that do not yet have self-regulatory bodies should facilitate the establishment of such bodies, on the basis of best practices from other Member States, and/or grant them formal recognition;

11. Emphasises nevertheless the limits of self-regulation, which cannot in any case take the place of legislation, particularly as regards the establishment of rules to protect the personal data of consumers and the penalties applicable if such rules are not respected;

12. Calls on the Commission and the Member States to evaluate the implementation of national codes of conduct relating to the media and new information and communication technologies; calls on the Member States to assess the effectiveness of national self-regulatory bodies;

13. Underlines the societal responsibility that comes with the impact and reach of widespread and pervasive advertising, and emphasises the role of advertising companies in cultivating a culture of corporate awareness and responsibility;

14. Encourages consultation of the various stakeholders involved in legislative developments;

15. Calls on the Commission and the Member States to ensure by appropriate means that the media and advertising professionals guarantee respect for human dignity and that they oppose direct or indirect discriminatory or stereotyping images or any incitement to hatred based on sex, race, ethnic origin, age, religious or other beliefs, sexual orientation, disability and social status;

16. Calls on those Member States that have not yet implemented the Audiovisual Media Services Directive to do so immediately; awaits with interest the publication by the Commission of the report on the application of the Audiovisual Media Services Directive, and stresses the need to address the use of new technologies (such as IPTV);

Issues arising from the development of the internet and new technologies

17. Denounces the development of ‘hidden’ internet advertising that is not covered by the Unfair Commercial Practices Directive (consumer-to-consumer relationships), in the form of comments posted on social networks, forums and blogs, the content of which is difficult to distinguish from mere opinion; considers indeed that there is a risk that consumers will make wrong decisions in the belief that the information on which they are based stems from an objective source; denounces cases in which certain business operators finance directly or indirectly any action to encourage the dissemination of messages or comments appearing to emanate from consumers themselves when in reality these are messages of an advertising or commercial nature, and calls on the Commission and the Member States to ensure proper application of the Unfair Commercial Practices Directive in this regard;

18. Suggests that the Member States encourage the emergence of forum observers/moderators who are alert to the dangers of hidden advertising, as well as the development of information campaigns aimed at warning consumers of these ‘hidden’ forms of advertising;

19. Points out that the campaign at European level against this hidden advertising is of great importance for cleaning up the market and boosting consumer confidence, as to some professionals it may be a means of bending the competition rules and artificially over-valuing, without cost, their own company or even unfairly maligning a competitor;

20. Voices its concern about the routine use of behavioural advertising and the development of intrusive advertising practices (such as reading the content of e-mails, using social networks and geolocation, and retargeted advertising) which constitute attacks on consumers’ privacy;

21. Emphasises the risk presented by companies that are both content providers and advertising sales houses (owing to the potential for cross-referencing data collected in the course of each of these activities); calls on the Commission and Member States to ensure that different levels of data collection are kept wholly separate;

22. Stresses that consumers must receive clear, accessible and comprehensive information about how their data are collected, processed and used and urges advertisers to work towards a standard use of the consumer-friendly opt-in format; notes that this personal data should be kept and used only with the explicit agreement of the consumer;

23. Stresses the need for consumers to be informed fully when they accept advertising in exchange for discounts based on behavioural marketing techniques;

24. Underlines the need to incorporate privacy issues as standard in future technological solutions which involve personal data; considers that developers of new technology must, from the very beginning of the development process, incorporate data security and protection in line with the highest standards and with reference to ‘Privacy by Design’;

25. Calls on the Commission to explore the various means (whether legislative or not) and ascertain the technical options at European Union level to effectively implement the following measures:


– carry out an in-depth study of new advertising practices involving online communication or portable devices; report the results of the study to Parliament;
– prohibit as soon as possible the systematic, indiscriminate sending of text message advertisements to all mobile phone users within the coverage area of an advertising poster equipped with Bluetooth technology without their prior consent;
– ensure that advertising practices respect the confidentiality of private correspondence and legislation applicable in this area; prohibit as soon as possible the reading by a third party, particularly for advertising or commercial purposes, of the content of private e-mails;
– require as soon as possible advertisements sent by e-mail to contain an automatic link enabling the recipient to refuse all further advertising;
– ensure as soon as possible the application of techniques making it possible to distinguish advertising tracking cookies, for which free and explicit prior consent is required, from other cookies;
– ensure that the use of default settings for computer systems sold to the public and for social networking services is systematically established in accordance with the strictest data protection standards (‘privacy by design’);
– develop an EU website labelling system, modelled on the European Privacy Seal, certifying a site's compliance with data protection laws; considers that this should include a thorough impact assessment and must avoid duplication of existing labelling systems;
– pay particular attention, in cooperation with national advertising authorities and/or self-regulatory bodies, to misleading advertising, including online, in specific sectors such as the selling of food products, pharmaceuticals and medical care, where the health of consumers, on top of their economic interests, is likely to be affected, with potential serious consequences;
– modify the limited liability regime for information society services in order to make the sale by search engines of registered brand names as advertising keywords subject to prior authorisation from the owner of the brand name in question;


Protecting vulnerable groups

26. Calls on the Commission to conduct a detailed analysis of the impact of misleading and aggressive advertising on vulnerable consumers, in particular children and adolescents, by 2012, and to guarantee the proper application of the relevant laws on the protection of children and adolescents;

27. Calls on the Commission to carry out as a matter of priority an in-depth study on the precise socio-psychological effects of advertising, in view of the new refined techniques being deployed;

28. Stresses that children and adolescents are especially vulnerable categories of people in view of their great receptiveness and curiosity, lack of maturity, limited free will and high potential to be influenced, especially through the use of new means of communication and technologies;

29. Urges Member States to promote greater protection of vulnerable consumers, such as children, to encourage the media to restrict TV advertising addressed at children during TV programmes watched mainly by the young (such as children's educational programmes, cartoons, etc.), given that similar measures are already being implemented in some Member States;

30. Calls for all children's specific interests to be free from targeted advertising;

31. Draws attention to the vulnerability of consumers to mimetism, which can lead to inappropriate behavioural attitudes, violence, tensions, disappointment, anxiety, harmful addictions (smoking, drugs), eating disorders, such as anorexia nervosa and bulimia, and disturbance of mental equilibrium; calls on all advertising agencies and media professionals to reconsider the promotion of extremely skinny models (men or women) in order to avoid harmful messages about appearance, body imperfections, age and weight, taking into account the influence and impact of advertising on children and young people;

Guaranteeing gender equality and human dignity in advertising

32. Calls on the Commission and Member States to take appropriate means to ensure that marketing and advertising guarantee respect for human dignity, without any discrimination based on gender, religion, convictions, disability, age or sexual orientation;

33. Takes the view that advertising can be an efficient tool in challenging and confronting stereotypes and a lever against racism, sexism and discrimination, essential in today's multicultural societies; calls on the Commission, Member States and advertising professionals to strengthen training and education activities as a way to overcome stereotypes, combat discrimination and promote gender equality, especially from a young age; urges the Member States in particular to introduce and develop close cooperation with existing schools of marketing, communication and advertising, so as to help provide sound training for the sector's future workforce;

34. Urges the Commission to promote comparative research and documentation among the Member States concerning the image of women being projected by advertising and marketing content and to identify good practices for effective and gender-friendly advertising;

35. Urges the Commission and Member States to consolidate the role and encourage the consultation of user and/or consumer organisations responsible for evaluating the impact of advertising on gender outlook and elsewhere;

36. Stresses that advertising often communicates discriminatory and/or undignified messages based on all forms of gender stereotyping, which hinder gender equality strategies; calls on the Commission, Member States, civil society and advertising self-regulatory bodies to cooperate closely to combat such practices, notably by using effective tools which guarantee respect for human dignity and probity by marketing and advertising;

37. Stresses that, since the advertising of consumer goods is associated directly with the press, radio and television media, of which it is an inseparable component, and indirectly with the film industry and television series in the form of product placement, it follows that reliable advertising and the promotion of healthy role models may have a positive influence on society's perceptions of issues such as gender roles and the human body image and normality; encourages advertisers to be more constructive in their advertisements, in order to promote the positive role of women and men in society, at work, in the family and in public life;

Educating and informing the various stakeholders

38. Stresses the crucial importance of transparency and consumer information in the advertising field, and the need for consumers to develop a critical attitude to the quality of media content;

39. Calls on the Commission to:


– include some additional advertising-related indicators in the Consumer Markets Scoreboard (as well as the data already included on fraudulent or mendacious advertising); draws attention, however, in this connection to the terms of its resolution of 9 March 2010(14) stipulating that adding further indicators may be useful when the five basic indicators and the associated methodology have been developed to a sufficiently high level;
– devise information campaigns on consumers’ rights in respect of advertising, including the use of their personal data, and to develop educational material explaining how they can protect their privacy on the internet and what they can do to put a stop to any situation that undermines their privacy or dignity;
– develop an EU programme designed to teach children to be wary of advertising, modelled on the United Kingdom's Media Smart initiative;
– require, as soon as possible, the insertion of the clearly readable words ‘behavioural advertisement’ into the relevant online advertisements, as well as a window containing a basic explanation of this practice;


40. Calls on the Commission to draft common guidelines for SMEs and on the Member States to encourage national authorities and/or self-regulatory bodies to provide advisory services for SMEs and conduct information campaigns designed to alert SMEs to their legal obligations in respect of advertising;


41. Instructs its President to forward this resolution to the Council, the Commission and the governments and parliaments of the Member States.


(1) OJ L 149, 11.6.2005, p. 22.
(2) OJ L 376, 27.12.2006, p. 21.
(3) OJ L 95, 15.4.2010, p. 1.
(4) OJ L 364, 9.12.2004, p. 1.
(5) OJ C 83, 30.3.2010, p. 389.
(6) OJ L 281, 23.11.1995, p. 31.
(7) OJ L 201, 31.7.2002, p. 37.
(8) OJ L 178, 17.7.2000, p. 1.
(9) Texts adopted, P7_TA(2010)0046.
(10) Texts adopted, P7_TA(2010)0051.
(11) OJ C 46 E, 24.2.2010, p. 26.
(12) OJ C 16 E, 22.2.2010, p. 5.
(13) OJ C 295 E, 4.12.2009, p. 43.
(14) P7_TA-PROV(2010)0051.

European Parliament demands that Commission protect web users from advertising

The European Parliament has asked the European Commission to come up with plans to control online advertising more closely; give internet users more control of their privacy; and stop companies publishing advertising masquerading as opinion.

It has asked the Commission to introduce rules that force companies to be more up front about behavioural advertising; that give internet users rights to opt out of advertising; and that create a labelling system indicating whether sites respect users' privacy.

The Parliament adopted a Resolution on the impact of advertising on consumer behaviour in which it expressed serious reservations about the use of sophisticated technologies in advertising systems to track users' activity.

"[The Parliament] voices its concern about the routine use of behavioural advertising and the development of intrusive advertising practices (such as reading the content of e-mails, using social networks and geolocation, and retargeted advertising) which constitute attacks on consumers’ privacy," said the Resolution.

"The development of targeted (contextual, personalised and behavioural) advertising, supposedly tailored to internet users’ interests, constitutes a serious attack on the protection of privacy when it involves tracking individuals (through cookies, profiling and geolocation) and has not first been freely and explicitly consented to by the consumer," it said.

"The personalisation of advertising messages must not lead to the development of intrusive advertising infringing legislation on the protection of personal data and privacy," it said. "The development of new advertising practices online and via mobile devices is generating a range of problems that need dealing with in order to safeguard a high level of protection for users."

The Parliament said that the European Commission must ensure that rules already in place at EU level are implemented and enforced by countries.

"[The Parliament] calls on the Commission to update, clarify and strengthen its guidelines on the implementation of the Unfair Commercial Practices Directive on a very regular basis and ensure that they are translated into the EU's official languages, and calls on the Member States to take those guidelines into account as far as possible," it said.

"[It] calls on the Commission and the Member States to evaluate the implementation of national codes of conduct relating to the media and new information and communication technologies [and] calls on the Member States to assess the effectiveness of national self-regulatory bodies," it said.

The Parliament expressed particular disquiet about 'astro-turfing', the false creation of seemingly grass roots support for products or causes. Advertisements contained in comments and reviews on websites or on social networking sites will be misleading if not badged correctly, it said.

"In view of a degree of consumer fatigue at the proliferation of advertising messages there is a temptation today to use the new communications technologies to disseminate commercial messages even when they are not clearly designated as such and are thus likely to mislead consumers," it said.

"[The Parliament] denounces the development of ‘hidden’ internet advertising that is not covered by the Unfair Commercial Practices Directive (consumer-to-consumer relationships), in the form of comments posted on social networks, forums and blogs, the content of which is difficult to distinguish from mere opinion," it said.

"[It] considers indeed that there is a risk that consumers will make wrong decisions in the belief that the information on which they are based stems from an objective source," it said. "[It] calls on the Commission and the Member States to ensure proper application of the Unfair Commercial Practices Directive in this regard."

The Parliament also said that the Commission should ensure that recipients of advertising material should be able to reject all future material at the click of a mouse. It said the Commission should "require as soon as possible advertisements sent by e-mail to contain an automatic link enabling the recipient to refuse all further advertising".

The Commission should also "develop an EU website labelling system, modelled on the European Privacy Seal, certifying a site's compliance with data protection laws," said the Resolution.

BS 8878:2010 Web Accessibility

BS 8878:2010
Web accessibility. Code of practice

If you want to ensure any web product you commission or design is accessible for all, then this new standard will help you. BS 8878 is the first British Standard to address the growing challenge of digital inclusion. It applies to all web products, including websites, web-services and web-based workplace applications (e.g. web-based email interface) that are delivered to users via Internet Protocol, through a web browser.
BS 8878 has been designed to introduce non-technical professionals to accessibility, usability and user experience for disabled and older people. It will be especially beneficial to anyone new to this subject as it gives guidance on process, rather than on technical and design issues.

BS 8878 is also cited in the Department for Business’s new e-Accessibility Action Plan and is the basis for updated government advice on making websites more accessible.
Both the public and private sector can benefit from this new standard. There are three main reasons for organizations and businesses to take steps to make their web products more accessible and usable:
Commercial reasons — as this standard will allow site owners to reach a wider audience for their products and services, opening up new markets and opportunities
Ethical reasons — as it will help ensure that disabled and older people are not excluded from the benefits of the digital age, and are able to use new technologies to increase their ability to live independently, and to be fully engaged members of society
Legal reasons — as many web products unwittingly and unlawfully exclude disabled and older people; yet in most cases the barriers these web products present can be removed.
BS 8878 provides guidance on how to remove the barriers to inclusion and highlights a simple truth: if accessibility is built-in, it’s a win-win for site owners and users.

The “moment of truth” for the Data Retention Directive: EDPS demands clear evidence of necessity

In a speech today at the European Commission conference in Brussels on “Taking on the Data Retention Directive”, Peter Hustinx, the European Data Protection Supervisor (EDPS), strongly argued in favour of seizing the opportunity of the ongoing evaluation process to clearly demonstrate the necessity and justification for the Data Retention Directive.

The EDPS emphasised once again that the retention of traffic and location data of all persons in the European Union (EU), whenever they use the telephone or the Internet, is a huge interference with the right to privacy of all citizens. As such, the EDPS regards the Directive as the most privacy invasive instrument ever adopted by the EU in terms of scale and the number of people it affects.

Such a massive invasion of privacy needs profound justification. The EDPS therefore called on the European Commission to use the evaluation exercise to actually prove the necessity of the Directive. Concrete facts and figures should also make it possible to assess whether the results presented in the evaluation could have been achieved with other less privacy invasive means.

“The evaluation we are currently waiting for is the moment of truth for the Data Retention Directive”, said Peter Hustinx. “Evidence is required that it constitutes a necessary and proportionate measure. Without such proof, the Directive should be withdrawn or replaced by a less privacy invasive instrument which meets the requirements of necessity and proportionality.”

The EDPS further insisted on the fact that the Data Retention Directive clearly failed to harmonise national legislation. Significant discrepancies between the implementing laws of the EU Member States have led to legal uncertainty for citizens. It has also resulted in a situation where the use of the retained data is not strictly limited to the combat of really serious crimes.

According to the EDPS, a new or modified EU instrument on data retention should be clear about its scope and create legal certainty for citizens. This means that it should also regulate the possibilities for access and further use by law enforcement authorities and leave no room for the Member States to use the data for additional purposes.

Background information

The Data Retention Directive (Directive 2006/24/EC) requires public electronic communications providers (telephone companies, mobile telecoms, Internet service providers) to retain traffic, location and subscriber data for the purpose of the investigation, detection and prosecution of serious crime.

The Directive is currently undergoing an evaluation process that seeks to assess its application by Member States, and its impact on businesses and consumers. The aim is also to establish whether the Directive is proportionate in relation to the law enforcement benefits it yields, the costs for the market, and the impact on fundamental rights, in particular the rights to privacy and the protection of personal data. The outcome of the evaluation will assist the Commission in determining whether a revision of the Directive is necessary.

The speech (pdf) is available on the EDPS website. For more information: press@edps.europa.eu
EDPS – The European guardian of personal data protection

www.edps.europa.eu

IPv6

Wednesday, 8 December 2010
Official Gazette (Resmî Gazete)
Issue: 27779

CIRCULAR

From the Prime Ministry:

Subject: IPv6 Transition Plan for Public Institutions and Organisations

CIRCULAR

2010/25

Information and communication technologies, and the internet in particular, have been developing and spreading rapidly in recent years. At the same time, the IPv4 addresses currently used worldwide for internet connectivity are running out. The IPv6 protocol, developed as a solution to this problem, will in the near future replace the IPv4 protocol for connecting to the internet. Work on the transition to IPv6 has gained pace worldwide, particularly in recent years, and being ready for IPv6 and starting transition work is important for ensuring the continuity of the internet and its continued development.

In parallel with these developments worldwide, and proceeding from the need to start work on the transition from IPv4 to IPv6 in our country as well, the Information and Communication Technologies Authority (Bilgi Teknolojileri ve İletişim Kurumu) was tasked, by decision no. 27 of 15/7/2009 of the e-Transformation Turkey Executive Board (E-Dönüşüm Türkiye İcra Kurulu), with carrying out work on raising awareness of the transition to IPv6 in our country, preparing a road map, and developing the necessary measures and policy proposals in cooperation with all relevant stakeholders.

The “IPv6 Transition Plan for Public Institutions and Organisations” set out in the Annex has been prepared within the scope of the "National IPv6 Protocol Infrastructure Design and Transition Project" (Ulusal IPv6 Protokol Altyapısı Tasarımı ve Geçişi Projesi), which was accepted under the TÜBİTAK Support Programme for Research and Development Projects of Public Institutions and can be accessed at www.ipv6.net.tr. The aims of the plan have been set as follows:

1. For public institutions and organisations to make their services support IPv6 alongside IPv4 within a defined period, so that service can be provided to users who will have to access the internet with IPv6 addresses only,

2. For public institutions and organisations to benefit, in the services they offer over the internet, from features that IPv6 provides, such as security, efficiency and quality of service,

3. To trigger the transition to IPv6 of institutions and organisations engaged in R&D activities in the IT sector, and to encourage our country to become a technology-producing country.

To achieve these aims, all public institutions and organisations shall carry out the necessary work within the framework of the Plan set out in the Annex. The transition plans of the Ministry of Foreign Affairs, the Turkish Armed Forces, the Undersecretariat of the National Intelligence Organisation (MİT), the General Directorate of Security, the Gendarmerie General Command, the Coast Guard Command and the Telecommunications Communication Presidency shall be determined by those bodies themselves, owing to the special nature of the duties they perform.

Submitted for your information and necessary action.

Recep Tayyip ERDOĞAN

Prime Minister

Annex: IPv6 Transition Plan for Public Institutions and Organisations



Stage 1 (1 January 2011 - 31 August 2012):

1.1. By 31 March 2011, public institutions and organisations shall carry out an inventory of whether the following elements support IPv6:

• Layer 3 switching devices,

• Routers,

• Security devices,

• Services provided externally over the internet and the software that delivers these services.

1.2. Taking into account the useful life of the relevant software or hardware, a plan shall be made for renewing the elements that lack IPv6 support, and the financing of the goods or services planned for purchase shall be included in budget work.

1.3. Public institutions and organisations shall have obtained IPv6 addresses and IPv6 connectivity by 31 August 2012 at the latest.

1.4. After 31 August 2012, no investment shall be made in any network hardware or software that does not support IPv6.

1.5. Public institutions and organisations shall determine the training needs of their IT staff regarding the transition to IPv6 and the provision of IPv6-enabled services. The necessary training shall be completed by 1 March 2012.

1.6. Public institutions and organisations may meet their training needs, for a fee, from the “IPv6 Transition Training Centre” (IPv6’ya Geçiş Eğitimi Merkezi) to be established within the Scientific and Technological Research Council of Turkey - National Academic Network and Information Centre (ULAKBİM). The content and programme of this training shall be determined and announced by ULAKBİM.

1.7. Where the training is not obtained from the “IPv6 Transition Training Centre”, the organisation providing the training must be a “personnel certification body” accredited for computer networks training under the TS EN ISO/IEC 17024 or ISO/IEC 17024 standard.

Stage 2 (1 September 2012 - 31 December 2012):

2.1. Public institutions and organisations that have obtained IPv6 connectivity and addresses shall, by 31 December 2012, make at least one of the services they provide over the internet IPv6-enabled as a pilot implementation.

Stage 3 (1 January 2013 - 31 August 2013):

3.1. Public institutions and organisations shall, by 31 August 2013 at the latest, make all publicly accessible services they provide over the internet support IPv6.

FTC Releases Privacy Report

The U.S. Federal Trade Commission has released its long-anticipated staff report on consumer privacy. The report, "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers," is the culmination of the FTC's "privacy rethink" project and includes preliminary recommendations. "The report appears to address the key themes that [the commission] previously had indicated would be covered," said Hunton & Williams partner Lisa Sotto. "Industry leaders undoubtedly will pay close attention to the FTC's pronouncements."


Information and Technology Law Master's Programme: Spring Term Applications

The Spring Term of the Information and Technology Law Master's Programme of the Istanbul Bilgi University Institute of Information and Technology Law (İstanbul Bilgi Üniversitesi Bilişim ve Teknoloji Hukuku Enstitüsü) will run from 14 February to 22 May 2011.

The programme will also admit students in the Spring term. The announced schedule for candidates wishing to apply is as follows:

Monday, 6 December 2010 (Applications open)
Thursday, 20 January 2011 (Application deadline)
Saturday, 22 January 2011 (Interview)
Tuesday, 25 January 2011 (Admission results announced)
25 January-12 February (Registration)

Article 29 Working Party Calls for "Strict" General Agreement

ARTICLE 29 Data Protection Working Party
This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.
The secretariat is provided by Directorate C (Fundamental Rights and Union Citizenship) of the European Commission, Directorate General Justice, B-1049 Brussels, Belgium, Office No LX-46 01/190.
Website: http://ec.europa.eu/justice/policies/privacy/index_en.htm
Brussels, 19 November 2010
D(2010) 837566

Vice-President Viviane Reding
Commissioner for Justice, Fundamental
Rights and Citizenship
European Commission
Rue de la Loi, 200
B - 1049 BRUSSELS
Subject: EU-US General Agreement

Dear Vice President,
On 26 May 2010 the European Commission presented the draft negotiating mandate for an agreement between the European Union and the United States of America on the protection of personal data when transferred and processed for the purpose of preventing, investigating, detecting or prosecuting criminal offences, including terrorism, in the framework of police cooperation and judicial cooperation in criminal matters (hereafter: the EU-US general agreement). The Article 29 Working Party understands the negotiating mandate has been under discussion in both the Council and the European Parliament in recent months and may be adopted by the Justice and Home Affairs Council in early December.

The Working Party regrets that it has not been consulted on the content of the negotiating mandate for this agreement, since these negotiations with the US are bound to be one of the most important steps within the area of data protection the EU is to take in the coming years.

The Working Party has therefore decided, having in mind their joint contribution with the Working Party on Police and Justice (WPPJ) to the public consultation on the EU-US agreement [1], to address this letter to the three main EU institutions to voice its concerns. Since the draft mandate as adopted by the European Commission is confidential, the Working Party has had to base its considerations on publicly available information. You will find that the issues raised in this letter are consistent with the joint contribution mentioned above, as well as with the recently adopted opinion on the Communication on a Global Approach for the transfer of Passenger Name Record (PNR) data [2]. Nevertheless, the European Data Protection Authorities feel it is necessary to reiterate these points as the future EU-US general agreement will set the standard for many years to come, including for negotiations on similar agreements with other third countries.

[1] Joint Contribution of the European Data Protection Authorities as represented in the Working Party on Police and Justice and the Article 29 Working Party
[2] Opinion 7/2010 of 12 November 2010

Scope of the agreement
The future EU-US general agreement is to be seen as a so-called ‘umbrella agreement’, in which detailed data protection provisions are to be established. The agreement is however a lex generalis and cannot be considered a legal basis for data sharing. This means that for specific exchanges of personal data from the EU to the US and vice versa, specific sectoral agreements remain necessary. In these sectoral agreements, a standard provision referring to the EU-US general agreement should be included. Since the purpose of the EU-US general agreement is to ensure a coherent approach and equal treatment of citizens on all occasions, it should not be possible to derogate from that agreement in a specific sectoral agreement.
Existing sectoral agreements should until their revision be applied consistently with the data protection provisions of the EU-US general agreement.
One of the main questions to be discussed with the US concerns the scope of the agreement.
The Working Party remains in favour of a widely applicable agreement, to ensure a coherent and high level of data protection. That said, the Working Party argues at the same time for a clear purpose limitation. This means the agreement should be applicable to all transfers of personal data to prevent, detect, investigate and prosecute serious transnational crime and terrorist acts. This purpose should be clearly defined by the agreement, preferably including a definition of ‘law enforcement purposes’.
The Working Party is hesitant about the inclusion of data related to immigration, visa and asylum. These data are not to be used for law enforcement purposes, since that would be contradictory to the purpose limitation principle. However, if these data are in the future exchanged with the US for law enforcement purposes based on specific agreements approved by the EU Member States and the European Parliament, the data protection principles of the EU-US general agreement should be applicable in full. If that were to be the case, only personal data could be exchanged which is held in police databases and lawfully used for law enforcement purposes in the first place. Civil law data should not be included in the agreement, as it is of a completely different nature.

National security exception

From a non-final version of the draft mandate, the Working Party understands the Commission is considering including an exception in the agreement for the transfer of data concerning ‘essential national security interests and specific intelligence activities in the field of national security’. The Working Party understands this is due to the fact that national security remains an exclusive domain for the Member States, but nevertheless opposes this exception. As mentioned before, the future EU-US agreement should also cover bilateral agreements between Member States and the US, at which level agreements dealing with national security could be negotiated.
One of the main purposes of the future agreement is to offer a high level of data protection for data exchanged for, among others, the purpose of fighting terrorism. Therefore, it is fundamental that data used in the fight against terrorism is not immediately identified as essential to national security interests and so not covered by the agreement. If any exception with regard to the protection of information of relevance to, or stemming from, the security services is to be included in the agreement - of which the European data protection authorities are not convinced - it should be formulated very specifically, to make sure the exception can only be invoked under very specific circumstances.

Information from private entities

Information that is to be used in transatlantic police and judicial cooperation in criminal matters will mainly originate from European law enforcement authorities. However, the amount of data requested from private entities to fight crime is ever growing. The most clear example is the TFTP II agreement giving the US Treasury the possibility to request information related to bank transfers from the EU. Preparations for a new PNR agreement are also being made at this time. The Working Party therefore believes that information originating from private entities which is requested by the US competent authorities to prevent, detect, investigate and prosecute transnational crime and terrorist acts should in any case be covered by the future general EU-US agreement.

Application of the EU-US general agreement to existing agreements

Until now, the US has concluded many bilateral and multilateral agreements with the Member States and the EU to exchange personal data for police and criminal justice cooperation. These agreements may have separate data protection regimes and therefore different and not always consistent levels of protection for individuals. It would therefore be advantageous if all these regimes were replaced by a single, uniform and consistent data protection regime.

However, at a hearing in the European Parliament on 25 October 2010, US ambassador Kennard stated the US is concerned about the so-called ‘retroactive’ application of the future agreement. This would ‘sow confusion among law enforcement and judicial authorities and threaten our most serious prosecutions’, he said. According to the Working Party it is rather the current situation that sows confusion, both for the citizen wishing to exercise his or her rights and for the supervisory authorities wishing to exercise theirs. The Working Party therefore urges the Commission as the designated negotiator for the EU to make sure the future agreement will be ‘retroactively’ applicable and thus cover all existing multilateral and bilateral agreements between the EU and/or its Member States and the US, unless the current level of data protection is higher than the level of protection offered by the EU-US general agreement. Where agreements need to be amended to comply with the future EU-US general agreement, a transitional period of no more than three years would be acceptable.
In this connection, the Member States should provide the Commission with copies (or a list) of the existing bilateral and multilateral agreements they entered into with the US insofar as they relate to the scope of the future EU-US general agreement.

Respect for fundamental rights

It should speak for itself that the future agreement should fully meet the conditions set out in the EU’s legal framework on privacy and data protection, both in the former first and the former third pillars, especially after the entry into force of the Treaty of Lisbon. This means, among others, that the rights attributed to data subjects in both Directive 95/46/EC, Framework Decision 2008/977/JHA and their national implementation should at least be ensured in the agreement. It should speak for itself that all rights attributed to the data subject should be exercisable in practice as well. Specific attention is to be paid to the revision of Directive 95/46/EC which is currently underway, especially since the new comprehensive framework will probably also cover the former third pillar issues. The Working Party considers that even if the revision of the general data protection framework is not concluded before the negotiations on the future EU-US general agreement are finalised, new intra-European developments should be fully taken into account in the negotiations. Furthermore, the agreement should respect the right of the protection of the citizens’ fundamental rights as is laid down in the EU’s Charter of Fundamental Rights, which has a binding legal status since the entry into force of the Treaty of Lisbon. In this regard, one point of specific concern to the European Data Protection Authorities is that data transferred may be used in a way that conflicts with a fundamental right, such as leading to the imposition of the death penalty. The Working Party therefore argues for a provision in the future agreement that denies the transfer of data when these data will be used in a case that may lead to a conflict with the fundamental rights in the Charter.

Data protection principles

The data protection principles that are to be included in the future agreement have mainly been the outcome of the work of the so-called EU-US High Level Contact Group (HLCG). In general, the Working Party recognises that those principles correspond – to a certain extent – to the basic data protection requirements. There are however some principles to which extra attention needs to be paid, mostly following recent experiences with the negotiations resulting in the TFTP II agreement which is unsatisfactory from a data protection perspective.
Additionally, the Working Party wishes to stress the importance of state of the art security for all data transfers and data storage, including access logs.

Effective and enforceable rights
First of all, the future agreement should include effective and enforceable rights for all data subjects. The nationality or country of residence of an individual should be of no importance when he or she wants to access, rectify or expunge his or her personal data. Furthermore, enforceable rights go hand in hand with transparency. The authorities receiving and processing data covered by the future agreement, both in the EU and the US, should be as transparent as is reasonably possible in a law enforcement environment. In particular, information should be easily available for individuals on how to exercise their rights, preferably directly but if need be indirectly. If the latter is the case, the agreement should foresee a clear procedure on indirect access and indicate to which public authorities access and rectification requests should be addressed. The Working Party suggests that the European data protection authorities will in that case be designated as the relevant points of contact and will thus receive and process requests of access using their powers and competences and following the procedures foreseen in their national legislation. National data protection authorities should not be seen as a mere ‘mailbox’, as seems to be the case in the TFTP II Agreement. A mechanism for effective cooperation with their data protection ‘counterparts’ in the US should be introduced in the EU-US general agreement.

Administrative and judicial redress
A second point to be explicitly addressed in the agreement is the need for effective judicial redress. It is a fact that the current US Privacy Act of 1974 does not allow for non-US citizens or residents to go to court over a breach of this act. In the Parliament’s hearing referred to before, Ambassador Kennard expressed the view that this is not likely to change over the coming years. Therefore, it is of the utmost importance to grant effective redress to individuals by another binding instrument. For this reason it is necessary to include clear and precise procedures in the agreement making it possible for data subjects to seek an effective administrative and subsequent judicial remedy before a competent authority. Once again, no distinction based on the nationality or country of residence of the person(s) involved should be made.

Bulk transfers
Even though this agreement shall not be a legal basis for the transfer of personal data from the EU to the US or vice versa, it should stipulate that any bulk transfer under the conditions of this ‘umbrella agreement’ is prohibited. All data transfers should at all times be subject to scrutiny on a case-by-case basis, providing for a check of the necessity and proportionality of that specific transfer. The check should also verify whether or not the transfer complies with the principle of purpose limitation.

Onward transfers
The Working Party is concerned about the way the US will handle the personal data received. Strict conditions may apply on the processing of these data, but in the US an independent data protection supervisor to oversee the processing still has not been established. This is one of the main reasons why the Working Party calls for very strict rules on the onward transfer of EU-originating data.
First of all, a distinction should be made between the onward transfer of data to other authorities within the US and transfer to third countries. Where the intra-US transfer is concerned, the Working Party argues for a limited list of clearly defined competent authorities permitted to receive the data to be included as an annex to the future agreement. Transfer of EU-originating data to third countries should in principle not be allowed. Only after ensuring that the onward transfer is authorised on a case-by-case basis by prior express and written approval of the country of origin and while fully respecting the purpose for which the data were transferred to the US in the first place, such a transfer to a third country could be acceptable. Furthermore, the receiving third country should meet the standards that afford an adequate level of data protection, as is meant in article 25 of Directive 95/46/EC and in article 13 of Framework Decision 2008/977/JHA.
In general, it should be pointed out that the authority that has originally requested the data is to be seen as the data controller, who remains responsible for the data even after a transfer to third parties. In case of doubt, the authority concerned should be obliged to withhold its consent to the disclosure of the data to a third party. Also, should misuse be made of the data by such a third party, the data subject should be able to hold the original recipient of the data to account.

Retention periods
As for all data processing, retention periods should be short and at least no longer than necessary for the performance of the defined tasks. In other words, they should be adequate and proportionate. This should be explicitly confirmed in the future agreement, by preference including an absolute maximum retention period. The retention period for a specific situation, depending on the conditions of that data processing defining “no longer than necessary”, should subsequently be laid down in the sectoral (multilateral or bilateral) agreements covered by the EU-US general agreement. The sectoral agreement should also include a provision demanding a regular review of the necessity to continue to keep the received data.

Joint review
To guarantee an effective application of the future agreement, it is important that regular joint reviews and evaluations take place. A standard provision to that effect should be included in the future EU-US agreement, as well as in all agreements to be covered by the EU-US general agreement. The Working Party argues for these to be carried out every other year, with the first review to take place 18 months after the entry into force of the future agreement. The joint review team should contain members from both the EU and the US and include representatives of the European data protection authorities (or of the relevant national data protection authority where bilateral or multilateral agreements without EU involvement are concerned), as is the case for the TFTP II agreement.

Sunset clause
It is necessary to periodically reassess and evaluate the necessity of data exchanges. Such a comprehensive in-depth assessment cannot be done during a review as described above. Therefore a sunset clause which mandates a thorough and independent assessment and evaluation of the provisions of each system for data exchange should be included in the EU-US general agreement and thus be introduced in every bilateral and multilateral agreement. After the date mentioned in the sunset clause is reached, no data can be exchanged unless the parties to the agreement specifically decide to extend the agreement.

Conclusion
The Working Party welcomes the initiative taken by the Commission to strive for a general agreement with the United States to ensure a high level of data protection when information is exchanged within the cooperation on police and criminal justice matters. Given experiences in the past and recognising the reality that the balance between security and privacy is often not always right, the Working Party is however concerned about the possible outcome of the negotiations. It therefore urges the Commission, the Council and the European Parliament to ensure a strict and far reaching negotiating mandate, to obtain a high level of data protection.
Coherence is needed in light of current developments, including the review of the EU data protection legal framework and the proposed negotiations with the US on a new PNR agreement.
As mentioned before, the Working Party recognises the importance of this agreement as one of the most important steps in data protection to be taken in the coming years. The European Data Protection Authorities therefore respectfully request to be given a role in developing the future agreement and to be given regular updates on the state of play. This would enable the Working Party, also given its role as an official advisory body of the Commission on data protection issues, to recommend possible solutions should difficulties arise.
The Working Party looks forward to receiving your response and remains at your disposal for further consultation when clarification or elaboration of its position is required.
Yours sincerely,
On behalf of the Article 29 Working Party,
Jacob Kohnstamm
Chairman of the Article 29 Working Party
Cc: Mrs. Cecilia Malmström, Commissioner for Home Affairs
Mr. Juan Fernando López Aguilar MEP, Chairman of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs
Mr. Herman van Rompuy, President of the Council of the European Union
Mr. Stefaan de Clerck, Minister for Justice of Belgium

European Commission sets out Strategy to Strengthen EU Data Protection Rules

Brussels, 4 November 2010

What happens to your personal data when you board a plane, open a bank account, or share photos online? How is this data used and by whom? How do you permanently delete profile information on social networking websites? Can you transfer your contacts and photos to another service? Controlling your information, having access to your data, being able to modify or delete it – these are essential rights that have to be guaranteed in today's digital world. To address these issues, the European Commission today set out a strategy on how to protect individuals' data in all policy areas, including law enforcement, while reducing red tape for business and guaranteeing the free circulation of data within the EU. This policy review will be used by the Commission with the results of a public consultation to revise the EU’s 1995 Data Protection Directive. The Commission will then propose legislation in 2011.

"The protection of personal data is a fundamental right," said Vice-President Viviane Reding, EU Commissioner for Justice, Fundamental Rights and Citizenship. "To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalisation. The Commission will put forward legislation next year to strengthen individuals' rights while also removing red tape to ensure the free flow of data within the EU’s Single Market."

Today's strategy sets out proposals on how to modernise the EU framework for data protection rules through a series of key goals:

• Strengthening individuals' rights so that the collection and use of personal data is limited to the minimum necessary. Individuals should also be clearly informed in a transparent way on how, why, by whom, and for how long their data is collected and used. People should be able to give their informed consent to the processing of their personal data, for example when surfing online, and should have the "right to be forgotten" when their data is no longer needed or they want their data to be deleted.

• Enhancing the Single Market dimension by reducing the administrative burden on companies and ensuring a true level-playing field. Current differences in implementing EU data protection rules and a lack of clarity about which country's rules apply harm the free flow of personal data within the EU and raise costs.

• Revising data protection rules in the area of police and criminal justice so that individuals' personal data is also protected in these areas. Under the Lisbon Treaty, the EU now has the possibility to lay down comprehensive and coherent rules on data protection for all sectors, including police and criminal justice. Naturally, the specificities and needs of these sectors will be taken into account. Under the review, data retained for law enforcement purposes should also be covered by the new legislative framework. The Commission is also reviewing the 2006 Data Retention Directive, under which companies are required to store communication traffic data for a period of between six months and two years.

• Ensuring high levels of protection for data transferred outside the EU by improving and streamlining procedures for international data transfers. The EU should strive for the same levels of protection in cooperation with third countries and promote high standards for data protection at a global level.

• More effective enforcement of the rules, by strengthening and further harmonising the role and powers of Data Protection Authorities. Improved cooperation and coordination is also strongly needed to ensure a more consistent application of data protection rules across the Single Market.

The way forward

The Commission's policy review will serve as a basis for further discussion and assessment. The Commission is calling on all stakeholders and the public to comment on the review's proposals until 15 January 2011. Submissions can be made on the Commission’s public consultation web site:

http://ec.europa.eu/justice/news/consulting_public/news_consulting_0006_en.htm

Building on this, the Commission will present proposals for a new general data protection legal framework in 2011, which will then need to be negotiated and adopted by the European Parliament and the Council.

In addition, the Commission will examine other measures, such as encouraging awareness-raising campaigns on data protection rights and possible self-regulation initiatives by industry.

Background

EU data protection rules (the 1995 Data Protection Directive 95/46/EC) aim to protect the fundamental rights and freedoms of natural persons, and in particular the right to data protection, as well as the free flow of data. This general Data Protection Directive has been complemented by other legal instruments, such as the e-Privacy Directive for the communications sector. There are also specific rules for the protection of personal data in police and judicial cooperation in criminal matters (Framework Decision 2008/977/JHA).

The right to the protection of personal data is explicitly recognised in Article 8 of the EU's Charter of Fundamental Rights and in the Lisbon Treaty. The Treaty provides the legal basis for rules on data protection for all activities within the scope of EU law under Article 16.

In 2009, the Commission launched a review of the current legal framework on data protection, starting with a high-level conference in May 2009, followed by a public consultation running until the end of 2009. Targeted stakeholders consultations were organised throughout 2010. In January 2010, Vice-President Viviane Reding announced the Commission's intention to modernise EU data privacy rules in a speech on Data Protection Day (see IP/10/63 and SPEECH/10/441) in her previous role as Information Society Commissioner. Today’s Communication was produced in agreement with Neelie Kroes, EU Commissioner in charge of the Digital Agenda.

Justice Directorate-General Newsroom:

http://ec.europa.eu/justice/news/intro/news_intro_en.htm

Homepage of Vice-President Viviane Reding, EU Commissioner for Justice, Fundamental Rights and Citizenship:

http://ec.europa.eu/commission_2010-2014/reding/index_en.htm

MEMO/10/542

INTERNET DOMAIN NAMES REGULATION

Sunday, 7 November 2010
Official Gazette (Resmî Gazete)
Issue: 27752

REGULATION

From the Ministry of Transport:

INTERNET DOMAIN NAMES REGULATION

CHAPTER ONE

Purpose, Scope, Basis, Definitions and Principles

Purpose and scope

ARTICLE 1 – (1) The purpose of this Regulation is to lay down the procedures and principles for the management of Internet domain names with the “.tr” extension.

Basis

ARTICLE 2 – (1) This Regulation has been prepared on the basis of Articles 5, 34 and 35 of the Electronic Communications Law No. 5809 of 5/11/2008.

Definitions and abbreviations

ARTICLE 3 – (1) For the purposes of this Regulation, the following terms have the meanings given:

a) Domain name (Alan adı): an Internet domain name with the “.tr” extension,

b) Ministry (Bakanlık): the Ministry of Transport,

c) CENTR: the Council of European National Top-Level Domain Registries,

ç) ICANN: the Internet Corporation for Assigned Names and Numbers,

d) Internet domain name: the names that identify the Internet protocol address used to determine the address of computers or Internet sites on the Internet,

e) Internet domain name system: the system which, in addressing done with symbolic names that are easy to read and remember and can generally be associated with the address holder sought, finds the corresponding Internet protocol address and returns it to the user,

f) Internet protocol address: the address, assigned in accordance with Internet Protocol standards, that devices connected to a given network use to identify each other, communicate with each other and exchange data,

g) Law (Kanun): the Electronic Communications Law No. 5809,

ğ) List of names closed to allocation: the list consisting of sub-domain names and of domain names whose allocation is not permitted for reasons such as being contrary to legislation, public order and public morality,

h) List of names with restricted allocation: the list consisting of domain names that have become public property in terms of historical and cultural values,

ı) Registrar (Kayıt Kuruluşu, KK): the party that acts as intermediary in carrying out domain name transactions such as application, renewal and cancellation,

i) Board (Kurul): the Information and Communication Technologies Board,

j) Authority (Kurum): the Information and Communication Technologies Authority,

k) Directory (Rehber): a database containing information on allocated domain names, such as the contact details of the domain name holder and the dates on which the allocation period of the domain name begins and ends,

l) Directory service (Rehberlik hizmeti): the service of keeping the data in the Directory open to public access,

m) RIPE NCC: the RIPE Network Coordination Centre,

n) .tr network information system (TRABİS): the system that enables the operation of the “.tr” Internet domain name system and its central database, the creation and updating of the Directory, the provision of the Directory service and the real-time processing of domain name applications, and in which all of these activities are carried out securely and in a manner that ensures business continuity,

o) Dispute Resolution Service Provider (Uyuşmazlık Çözüm Hizmet Sağlayıcı, UÇHS): the professional organisations with the status of public institutions, universities or international organisations that conduct the resolution process for domain name disputes through arbitrators or arbitration panels.

(2) For definitions and abbreviations used in this Regulation but not listed above, the definitions and abbreviations in the relevant legislation apply.

Principles

ARTICLE 4 – (1) The following basic principles shall be observed in the implementation of this Regulation:

a) Unless objective reasons require otherwise, quantitative and qualitative continuity, non-discrimination, orderliness, efficiency, objectivity, proportionality, transparency, effective use of resources and technology neutrality,

b) Establishing and protecting an environment of free and effective competition,

c) Protecting consumer rights,

ç) Encouraging improvement in service quality,

d) Taking international practices and standards into account,

e) Ensuring that practices concerning domain names are effective, long-term solutions suited to the conditions of the country,

f) Encouraging practices that can be easily used under reasonable conditions,

g) Not obliging natural and legal persons to purchase any service other than the one they request,

ğ) Protecting the rights of third parties.

CHAPTER TWO

Structure of Domain Names and Related Transactions

Structure of domain names

ARTICLE 5 – (1) Domain names have the structure “a.b.tr” and “a.tr”. Matters specific to each of the two structures are set out in the annex to this Regulation.

Domain names that may be applied for

ARTICLE 6 – (1) For an application to be made, the “a” part of a domain name must:

a) Consist only of letters (a-z), digits (0-9) and the hyphen (-),

b) Be at least two and at most sixty-three characters long,

c) Not begin and/or end with a hyphen (-),

ç) Not have only its third and fourth characters both as hyphens (-),

d) Not be allocated to someone else,

e) Not appear in the list of names closed to allocation.
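The conditions of Article 6(1) can be checked mechanically before an application is forwarded. The Python validator below is an added example, not part of the Regulation or of TRABİS: the function names, the `allocated` and `closed_list` sets (stand-ins for registry lookups under clauses d and e), the lower-casing of ASCII input and the reading of clause ç as "characters 3 and 4 are both hyphens" are assumptions, and the sample names are constructed.

```python
import string

# Article 6(1)(a): only letters a-z, digits 0-9 and the hyphen are allowed.
ALLOWED = frozenset(string.ascii_lowercase + string.digits + "-")


def split_name(name):
    """Split "a.b.tr" or "a.tr" (Article 5) into (a, b); b is None for "a.tr"."""
    labels = name.rstrip(".").split(".")
    if len(labels) not in (2, 3) or labels[-1].lower() != "tr":
        raise ValueError(f"not of the form a.b.tr or a.tr: {name!r}")
    return labels[0], (labels[1] if len(labels) == 3 else None)


def check_label(label, allocated=frozenset(), closed_list=frozenset()):
    """Return the Article 6(1) clauses violated by the "a" part of a name.

    An empty list means the label satisfies every clause that can be checked
    with the data supplied. `allocated` and `closed_list` are hypothetical
    stand-ins for the registry's own records.
    """
    # Lower-case only pure-ASCII input (assumption: names are treated
    # case-insensitively). Non-ASCII input is left untouched so that letters
    # such as "ş" or "İ" are reported under clause a instead of being folded
    # into something that looks like a-z.
    name = label.lower() if label.isascii() else label
    violations = []

    if any(ch not in ALLOWED for ch in name):
        violations.append("a")   # character outside a-z, 0-9, "-"
    if not 2 <= len(name) <= 63:
        violations.append("b")   # shorter than 2 or longer than 63
    if name.startswith("-") or name.endswith("-"):
        violations.append("c")   # leading or trailing hyphen
    if name[2:4] == "--":
        # Clause ç as read here; this also excludes the "xn--" prefix
        # used by IDN A-labels.
        violations.append("ç")
    if name in allocated:
        violations.append("d")   # already allocated to someone else
    if name in closed_list:
        violations.append("e")   # on the list of names closed to allocation
    return violations


if __name__ == "__main__":
    # Constructed sample names, not taken from any registry.
    for fqdn in ("example.com.tr", "xn--abc.tr", "-shop-.com.tr", "şeker.tr"):
        a, b = split_name(fqdn)
        print(fqdn, "->", check_label(a) or "ok")
```

Under Article 7(2) any non-empty result means the application is not accepted; the list shows which clause to cite in the rejection.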

Domain name application

ARTICLE 7 – (1) Natural or legal persons may apply to hold a domain name. Applications may be made for more than one domain name.

(2) Applications for domain names that do not meet the conditions in Article 6 of this Regulation shall not be accepted.

(3) For their application, persons choose one of the KKs listed on the Authority’s Internet site. They apply by filling in the application form on the Internet site of the KK they have chosen. If the application form is not filled in completely and correctly, the domain name application shall not be accepted.

(4) At the time of application, persons are informed in general terms about the legal consequences of acts such as giving false information or infringing the rights of third parties.

(5) At the time of application, persons declare and undertake that they will not infringe the rights of third parties, that they will not use the domain name unlawfully, and that they accept that, in the event of cancellation or waiver, these transactions will not give rise to any right in their favour.

(6) Upon receiving the domain name application request, the KK carries out the necessary transactions through TRABİS.

Domain name allocation

ARTICLE 8 – (1) Domain names are allocated by two methods: with documents or without documents.

(2) Allocation without documents is allocation under the “first come, first served” rule. In determining who came first, the timestamp at which the domain name application reached TRABİS is taken as the basis.

(3) Allocation with documents is allocation made after the applicant has submitted the relevant information and/or documents to the KK and this information and/or these documents have been delivered to TRABİS. The domain names to be allocated with documents are set out in the annex to this Regulation.

(4) Domain names for which the KKs have fully and correctly completed the application transactions through TRABİS and paid the fee are allocated to the applicants.

(5) A domain name is allocated for a period of at least one and at most five years at a time.

Renewal

ARTICLE 9 – (1) The KK informs the domain name holder, at least by e-mail, at least three months before the allocation period of the domain name ends, and requests the holder to carry out the renewal.

(2) A person wishing to renew the allocation of a domain name they hold applies within this three-month period, under the relevant provisions of Article 7 of this Regulation, to renew the allocation. In line with this request, the allocation is renewed after the KK completes the necessary transactions through TRABİS and pays the renewal fee.

(3) The use of a domain name whose renewal has not been completed by the end of the allocation period is suspended for two months. Within this period, the allocation is renewed upon application by the domain name holder. Otherwise the domain name is reopened for allocation.

(4) The allocation period after renewal may not exceed five years. At the end of these five years, the allocation of the domain name held may be renewed under this Article.

Waiver

ARTICLE 10 – (1) A domain name holder who wishes to stop using the domain name allocated to them before the allocation period ends may waive the domain name.

(2) The domain name holder submits the waiver request by filling in, completely and correctly, the relevant form on the Internet site of the KK from which they receive service. The waiver request is acted upon after the KK completes the necessary transactions through TRABİS.

(3) Waiver of a domain name does not give rise to any right in favour of the domain name holder.

(4) A waived domain name is reopened for allocation.

Cancellation

ARTICLE 11 – (1) A domain name allocation is cancelled through TRABİS, with the domain name holder and the relevant KK being informed, in the following cases:

a) It is established that the information given by the domain name holder is not complete and/or correct,

b) The domain name is placed on the list of names closed to allocation,

c) There is a decision of an arbitrator or arbitration panel on cancellation of the domain name allocation, forwarded to the Authority by the UÇHS, and the conditions set by the Authority for implementing the decision are met,

ç) There is a court decision on cancellation of the domain name allocation.

Reallocation

ARTICLE 12 – (1) If no renewal request is received by the end of the period specified for renewal in Article 9 of this Regulation, the domain name concerned is reopened for allocation and the information that it has been opened for allocation is published on the Authority’s Internet site. However, no applications are accepted for such reopened domain names for a period of one month.

(2) In cases such as cancellation of the domain name on a ground other than its being placed on the blacklist, or waiver of the domain name by its holder, the domain name concerned is reopened for allocation and the information that it has been opened for allocation is published on the Authority’s Internet site. However, no applications are accepted for reopened domain names for a period of three months.

(3) Acceptance of applications for reopened domain names and the allocation of these domain names are carried out under Articles 7 and 8 of this Regulation.

Sale and transfer

ARTICLE 13 – (1) Domain names may be sold or transferred.

(2) For the sale or transfer to take place, the relevant form on the Internet site of the KK from which service is received must be filled in completely and correctly. Once the KK completes the necessary transactions through TRABİS, the change of domain name holder is carried out in line with the sale or transfer.

(3) In cases such as the death, absence or presumption of absence of natural persons, the domain name may be transferred to the legal heirs.

(4) The period of use of a sold or transferred domain name does not change.

CHAPTER THREE

Duties and Powers of the Authority

Duties of the Authority

ARTICLE 14 – (1) The duties of the Authority are as follows:

a) To establish and operate TRABİS, or to have TRABİS established and operated by a third party under the procedures and principles it determines,

b) To designate the UÇHSs and KKs and publish their contact details on its Internet site,

c) To set, and amend when necessary, the fees for domain name allocation and renewal and the fees for transactions relating to operation of the dispute resolution mechanism,

ç) To determine the sub-domain names to be opened for allocation or whose use is to be ended,

d) To determine the documents to be required in the allocation of sub-domains allocated with documents,

e) To act in the capacity of a KK, limited to the cases specified in this Regulation or determined by the Board,

f) To keep up to date on its Internet site the court decisions on domain name disputes forwarded to it, the disputed domain names forwarded to it by the UÇHS and the decisions of arbitrators or arbitration panels, and to give effect to these decisions,

g) To assess the requests and complaints forwarded to it and to take the necessary measures under the legislation,

ğ) To prepare, by the end of April each year, the activity report for the previous year and announce it to the public on the Authority’s Internet site and, where necessary, by other appropriate means,

h) To carry out the necessary work with organisations such as ICANN, RIPE NCC and CENTR.

Powers of the Authority

ARTICLE 15 – (1) With regard to matters falling within its remit under this Regulation, the Authority is authorised:

(a) To make the arrangements it deems necessary,

(b) To audit the KKs and UÇHSs under the relevant legislation.

CHAPTER FOUR

Registrars

Registrar

ARTICLE 16 – (1) The Authority determines the qualifications that KKs must have, the rules they must follow and other matters, and announces these to the public on its Internet site and, where necessary, by other appropriate means.

(2) Parties wishing to become a KK apply to the Authority. Parties found by the Authority to meet the necessary conditions are issued an activity certificate so that they can operate as a KK.

Obligations of registrars

ARTICLE 17 – (1) KKs are obliged:

a) To comply with the relevant legislation,

b) To ensure the accessibility, security, reliability and integrity of the devices and systems they use and the services they provide,

c) To ensure that no disruption occurs in the quality and continuity of the services they provide and, to that end, to employ a sufficient number of qualified staff and have the necessary technical equipment,

ç) To give persons equal access to the services they provide, 24 hours a day, 7 days a week,

d) To obtain complete and correct information from persons during domain name application and other transactions; to ensure the security and confidentiality of this information; to update this information, to confirm it at least annually, to notify the Authority of changes to it immediately through TRABİS, not to give it to any party other than the Authority and legally authorised parties, and not to use it for purposes other than those for which it was obtained,

e) To forward to TRABİS, in real time and in conformity with the software standards applied in TRABİS, the requests made to them concerning domain names, such as allocation, renewal and cancellation,

f) To exercise due care when carrying out domain name transactions through TRABİS,

g) To inform persons who receive or wish to receive service from them about domain name transactions such as application, allocation, renewal, cancellation and transfer,

ğ) To provide free access to the Directory service through their own Internet sites,

h) To retain the information and documents obtained through domain name transactions for at least 10 years from the date on which use of the domain name ends for any reason,

ı) When their activities are to end, to do what is required under the inter-KK transfer procedures and to hand over the relevant information and documents in their possession to the Authority completely, correctly and on time,

i) To submit the activity report for the previous year to the Authority by the end of March each year,

j) To keep their identifying information, the relevant legislation and a sample of the application form available and up to date, in a way that interested parties can reach, on their own Internet site with a “.tr” domain name.

Registrars ending their activities

ARTICLE 18 – (1) KKs that are going to end their activities inform the Authority at least three months in advance.

(2) Upon being informed, the Authority immediately starts the inter-KK transfer procedures.

(3) KKs are liable for the damage they may cause by ending their activities.

Termination of registrars’ activities

ARTICLE 19 – (1) The Authority may terminate the activities of a KK in cases such as failure to comply with the relevant legislation, failure to fulfil its obligations or loss of the required qualifications.

(2) In this case the Authority immediately starts the inter-KK transfer procedures.

(3) KKs are liable for the damage they may cause as a result of their activities being terminated.

Transfer between registrars

ARTICLE 20 – (1) Domain name holders may, if they so request, change the KK from which they receive service.

(2) If a KK ends its activities or its activities are terminated, a mandatory transfer to another operating KK is carried out.

(3) Matters relating to inter-KK transfer procedures are regulated by the Authority.

(4) Disputes concerning inter-KK transfer procedures are assessed by the Authority.

CHAPTER FIVE

Rights and Obligations of the Domain Name Holder

Rights of the domain name holder

ARTICLE 21 – (1) The domain name holder has the right:

a) To use the domain name throughout the allocation period,

b) To renew the domain name allocation,

c) To waive the domain name,

ç) To change the KK from which they receive service.

Obligations of the domain name holder

ARTICLE 22 – (1) The domain name holder is obliged:

a) To comply with the relevant legislation,

b) To give the KK complete and correct information, and to notify the KK from which they receive service immediately of changes to this information,

c) Not to infringe the rights of third parties,

ç) In cases of mandatory inter-KK transfer, to carry out the required transactions upon being informed.

CHAPTER SIX

Alternative Dispute Resolution Mechanism

Dispute resolution mechanism

ARTICLE 23 – (1) Disputes concerning domain names are resolved, as an alternative, through the dispute resolution mechanism operated by the UÇHSs. The procedures and principles for operating the dispute resolution mechanism are regulated by the Authority.

Dispute resolution service provider

ARTICLE 24 – (1) The Authority determines the minimum qualifications that UÇHSs must have, the rules they must follow and other matters, and announces these to the public on its Internet site and, where necessary, by other appropriate means.

(2) Parties wishing to become a UÇHS apply to the Authority. Parties found by the Authority to meet the necessary conditions are issued an activity certificate so that they can operate as a UÇHS.

(3) UÇHSs must have the administrative and technical competence to manage the dispute resolution process successfully and must be able to keep on their lists a sufficient number of arbitrators expert in the potential subjects of dispute.

(4) The Authority takes the necessary measures, including terminating their activities, against UÇHSs that fail to fulfil their duties and obligations under this Regulation or the arrangements made by the Authority, or that lose the minimum qualifications required to be a UÇHS.

(5) UÇHSs may end their activities provided that they notify the Authority at least one month in advance and bring to a decision the dispute resolution processes they are conducting through their arbitrators. UÇHSs are liable for the damage they cause by ending their activities.

Application to the dispute resolution mechanism

ARTICLE 25 – (1) For an application to the dispute resolution mechanism:

a) The disputed domain name must be similar or identical to a trademark, trade name, business name or other distinctive sign that is owned or used in trade, and

b) The party that had the domain name allocated must have no legal right or connection relating to this domain name, and

c) The domain name must have been allocated to or used by the domain name holder in bad faith.

(2) A complainant claiming that the three conditions in the first paragraph of this Article are met together applies by choosing one of the UÇHSs for resolution of the dispute. Until the UÇHS applied to notifies the complainant of a final decision, the complainant may not apply to another UÇHS on the same matter.

Arbitrators

ARTICLE 26 – (1) The arbitrators on the UÇHSs’ lists must be experts in intellectual property law, trademark law, commercial law or information technology law.

(2) Arbitrators begin work after submitting to the UÇHS their written declarations of independence and impartiality with respect to the disputed domain name and its parties.

(3) As a rule, arbitrators work on the file consisting of the information, documents and evidence forwarded to them; unless deemed necessary, the parties are not heard in person.

Decision-making

ARTICLE 27 – (1) The arbitrator or arbitration panel, also taking into account the relevant legislation, case law and court decisions, decides, in line with the complainant’s request, to cancel the domain names, to transfer them to the complainant, or to reject the complainant’s request. Decisions of the arbitration panel are taken by simple majority; abstentions are not permitted.

(2) The UÇHS notifies the Authority and the parties to the complaint of the decision forwarded to it within one day and publishes it on its Internet site.

CHAPTER SEVEN

Miscellaneous and Final Provisions

Fees

ARTICLE 28 – (1) Transactions relating to domain names and transactions relating to operation of the dispute resolution mechanism are carried out in return for a fee.

(2) Fees for domain name allocation and renewal are paid to the Authority by the KKs. These fees are recorded as revenue of the Authority.

(3) KKs set the transaction fees they will charge persons for domain names, taking into account the fees set by the Authority.

(4) In order to ensure a sustainable competitive environment and protect consumer rights, the Authority may, when necessary, also regulate the KKs’ transaction fees for domain names.

(5) UÇHSs set the transaction fees they will apply, taking the fees set by the Authority as the upper limit. The Authority may, when necessary, also set a lower limit for transaction fees relating to operation of the dispute resolution mechanism.

(6) Fees paid are not refunded where the domain name is cancelled or waived.

(7) Fees paid at the time of application to the dispute resolution mechanism are not refunded.

Directory service

ARTICLE 29 – (1) The directory service is for information purposes. The information to be included in the directory is determined by the Authority.

(2) Queries in the directory may be made only by domain name.

(3) Persons querying the directory undertake not to use the information they obtain for purposes such as sending unsolicited electronic mail or engaging in commercial activity.

(4) KKs take the necessary measures, within the limits of available technology, to prevent the information in the directory from being used for purposes such as sending unsolicited electronic mail or engaging in commercial activity.

Opening new subdomains for allocation

ARTICLE 30 – (1) New subdomains that the Authority decides to open for allocation are announced to the public on the Authority's website and, where necessary, by other appropriate means. The announcement also states whether domain names will be allocated with or without documents.

(2) Matters concerning the allocation of new subdomains that are to be allocated with documents are regulated by the Authority.

List of names closed to allocation

ARTICLE 31 – (1) The domain names to be placed on and removed from the list of names closed to allocation are determined by the Authority, consulting experts in the relevant field where deemed necessary.

(2) Where a domain name is placed on or removed from the list of names closed to allocation, the domain name holder, if any, and the relevant KK are informed.

(3) Where a domain name is removed from the list of names closed to allocation, the domain name is returned to its holder, if any.

List of names with restricted allocation

ARTICLE 32 – (1) The domain names to be placed on and removed from the list of names with restricted allocation, the parties to which these domain names will be allocated, and the information and/or documents to be required for allocation are determined by the Authority, consulting experts in the relevant field where deemed necessary.

(2) If it is established that a domain name on the list of names with restricted allocation has not been allocated to the appropriate parties, the domain name is cancelled after the parties concerned have been informed.

(3) Where a domain name is removed from the list of names with restricted allocation, the domain name is returned to its holder, if any.

Transition period

PROVISIONAL ARTICLE 1 – (1) The existing practice continues until TRABİS becomes operational under this Regulation.

(2) TRABİS is put into operation within two years at the latest from the date of publication of this Regulation.

(3) Nic.tr (“.tr” Domain Names Administration), within Middle East Technical University, is obliged to provide the necessary support for TRABİS to become operational as soon as possible and to transfer all relevant information and documents to the Authority.

(4) Domain names that are allocated as of the date of entry into force of this Regulation, that are allocated in the period from that date until TRABİS becomes operational, and that are allocated in the period until at least one KK becomes operational continue to be used until the end of their allocation periods.

(5) Those of the parties designated as registration operators under the existing practice by Nic.tr (“.tr” Domain Names Administration), within Middle East Technical University, who wish to become a KK begin operating as a KK by completing the necessary procedures under the provisions of this Regulation within six months after TRABİS becomes operational. Registration operators that cannot become a KK because they have not completed the necessary procedures, or that do not wish to become a KK, cease their activities at the end of this period and transfer to the Authority the information and documents relating to the domain names for whose allocation, renewal and similar transactions they previously acted as intermediary.

(6) The holders of the domain names specified in the third and fourth paragraphs of this Article choose one of the KKs listed on the Authority's website to carry out transactions relating to the domain name they hold; they do so after TRABİS becomes operational and, if they so wish, either before or after the end of the allocation period of the relevant domain name. The KK applied to registers these domain name holders in its system by obtaining the relevant information or documents and carrying out the necessary procedures, including identity verification.

(7) Persons' transactions relating to domain names are carried out through TRABİS until at least one KK becomes operational.

Sale and transfer during the transition period

PROVISIONAL ARTICLE 2 – (1) For a period of three years from the date this Article enters into force, domain names may not be sold; however, they may be transferred to others in the following cases:

a) In cases such as the death, absence or presumption of absence of natural persons, the domain name may be transferred to the legal heirs.

b) Legal persons may transfer a domain name they hold for reasons such as merger or acquisition.

c) Natural and/or legal persons holding a trademark and/or patent may, where they transfer their rights in that trademark and/or patent, also transfer the domain names they hold relating to that trademark and/or patent.

ç) Natural and/or legal persons who have had intellectual or artistic works recorded and registered may, where they transfer their rights in those intellectual or artistic works, also transfer the domain names they hold relating to those works.

(2) A transfer request is made by completing, fully and accurately, the relevant form on the website of the KK from which service is received. The transfer of the domain name takes place once the KK completes the necessary procedures through TRABİS.

(3) The period of use of the transferred domain name does not change.

Initial allocation of domain names with the “a.tr” structure

PROVISIONAL ARTICLE 3 – (1) The initial allocation of domain names with the “a.tr” structure is carried out with documents, within the framework to be regulated by the Authority.

(2) The application fees to be charged for the initial allocation of domain names with the “a.tr” structure are determined by the Authority.

(3) In initial allocation procedures, priority is given, in order, to public institutions and organisations, organisations more than half of whose capital is publicly owned, professional organisations having the status of public institutions, associations and foundations serving the public interest, and workers' and employers' professional organisations.

Entry into force

ARTICLE 33 – (1) Of this Regulation:

a) Article 13 enters into force three years after TRABİS becomes operational,

b) Articles 14, 15 and 24 and Provisional Article 1 enter into force on the date of publication,

c) Provisional Article 3 enters into force twelve months after TRABİS becomes operational,

ç) the other articles enter into force as of the date TRABİS becomes operational.

Enforcement

ARTICLE 34 – (1) The provisions of this Regulation are enforced by the Minister of Transport.



ANNEX

Structure of Domain Names and Subdomains Allocated with Documents

1. Definitions

In Internet domain names with the “a.b.tr” and “a.tr” structure:

tr: the code of our country determined by the ISO (International Organization for Standardization) 3166 standard and used in Internet domain names,

b: the subdomains defined under Internet domain names with the “.tr” extension,

a: the field freely chosen by persons under the provisions of this Regulation.



2. Subdomains

The subdomains defined under “.tr” are listed below.



“.com”
“.net”
“.biz”
“.info”
“.bbs”

“.name”
“.org”
“.web”
“.gen”
“.av”

“.tv”
“.dr”
“.k12”
“.tel”
“.bel”

“.gov”
“.edu”
“.pol”
“.tsk”





3. Subdomains Allocated with Documents

The subdomains listed below are allocated to the specified parties in return for documents to be determined by the Authority.

Subdomain: Party to which it is allocated

“.av”: Self-employed lawyers, law offices and attorney partnerships registered with the Union of Turkish Bar Associations

“.bel”: Municipalities listed in the records of the Ministry of Interior

“.dr”: Medical doctors registered with the Turkish Medical Association, doctor partnerships, hospitals and primary healthcare institutions of the Ministry of Health

“.edu”: Higher education institutions recognised by the Council of Higher Education of the Republic of Turkey (YÖK)

“.gov”: Public institutions and organisations

“.pol”: The General Directorate of Security and its units

“.k12”: Nurseries and kindergartens providing pre-school education, primary schools, high schools and equivalent educational institutions approved by the Ministry of National Education (MEB)

“.tsk”: Units within the Turkish Armed Forces