Introduction
Data has become one of the most valuable competitive assets in modern markets. Businesses use data to understand customers, improve products, personalize services, optimize prices, detect fraud, target advertising, manage logistics, evaluate demand, train algorithms and design digital platforms. In Turkey, data-driven business models are now central to e-commerce, online advertising, fintech, digital platforms, telecommunications, healthcare technologies, mobility services, gaming, online marketplaces and artificial intelligence.
However, data sharing and big data practices may create serious Turkish Competition Law risks. Data may facilitate competition when it improves quality, innovation and efficiency. But data may also restrict competition when it enables collusion, strengthens dominant platforms, excludes rivals, creates entry barriers, supports discriminatory conduct, or allows undertakings to exploit consumers and business users.
The main legal framework is Law No. 4054 on the Protection of Competition. Article 4 prohibits agreements, concerted practices and decisions of associations of undertakings that restrict competition. Article 6 prohibits abuse of dominant position. Article 7 regulates mergers and acquisitions that may significantly lessen competition. These provisions are broad enough to apply to data sharing, big data, algorithmic practices, platform data, digital advertising, data portability and data-driven exclusionary conduct.
Data-related competition issues in Turkey cannot be examined only from an antitrust perspective. They also intersect with Personal Data Protection Law No. 6698, which aims to protect fundamental rights and freedoms, particularly privacy, in relation to the processing of personal data. Competition compliance and data protection compliance are therefore separate but interconnected obligations.
1. Why Data Matters in Turkish Competition Law
Data can be a source of market power. A company with access to large, unique and high-quality datasets may better understand consumers, improve recommendations, develop superior algorithms, target ads more efficiently and predict demand more accurately. In digital markets, this can create a self-reinforcing cycle: more users generate more data, better data improves the service, better service attracts more users, and the cycle continues.
The Turkish Competition Authority has recognized that digital markets raise issues involving data ownership, network effects and platforms acting simultaneously as marketplace operators and sellers. In its materials on abuse of dominance in digital markets, the Authority noted that market power stemming from data ownership and network effects may create abuse concerns, especially in e-marketplace models.
This does not mean that collecting or using data is automatically unlawful. Data-driven competition can benefit consumers through better products, lower search costs, personalization, faster delivery and more relevant advertising. The legal risk begins when data is used to restrict competition or reinforce market power unfairly.
2. Data Sharing as Information Exchange Under Article 4
One of the most important risks is information exchange between competitors. If competitors share commercially sensitive data, they may reduce uncertainty in the market and facilitate coordination. This may violate Article 4 of Law No. 4054.
Sensitive data may include current or future prices, discounts, customer lists, sales volumes, market shares, cost structures, stock levels, production capacity, bid strategies, wage data, planned campaigns, algorithmic pricing rules, platform performance data or customer-specific terms.
Data sharing may occur directly between competitors or indirectly through trade associations, consultants, software providers, online platforms, market research firms, data pools or algorithms. The format does not matter. A spreadsheet, dashboard, API, shared database, WhatsApp group or benchmarking report may all create competition law risk if the exchanged data is strategically sensitive.
The core legal question is whether the data sharing affects independent commercial decision-making. If the exchange allows competitors to predict, monitor or align each other’s future conduct, Article 4 risk is high.
3. Big Data and Market Entry Barriers
Big data can create barriers to entry. A new entrant may have good technology, but if it lacks comparable user data, transaction history, behavioral data, search data or advertising data, it may not be able to compete effectively with an established platform.
This concern is particularly strong in markets with network effects. For example, an online marketplace with millions of users can collect valuable data about prices, demand, conversion rates, consumer preferences and seller performance. A smaller rival may struggle to replicate that dataset. If the incumbent also uses data to improve ranking, logistics, advertising and pricing tools, its advantage may become durable.
The Turkish Competition Authority’s work on digital transformation emphasizes that data, platform power, network effects and market tipping are central issues in digital competition analysis.
4. Data as an Input for Dominance Analysis
Under Article 6, dominance requires the ability to act independently of competitors, customers and suppliers. In digital markets, data may be one of the factors supporting dominance. Traditional market share analysis may not be sufficient because a platform with strong data advantages may have market power even where revenue-based shares do not fully capture its competitive position.
Relevant factors may include:
The volume and variety of data collected.
Whether the data is unique or replicable.
Whether competitors can obtain similar data.
Whether the data improves algorithms or targeting.
Whether users are locked into the platform.
Whether data access creates entry barriers.
Whether the platform controls both user data and business-user data.
Whether data is combined across different services.
A company does not become dominant merely because it has data. But where data is large-scale, exclusive, difficult to replicate and essential for effective competition, it may contribute to market power.
5. Abuse of Dominance Through Data Practices
Data-related conduct may become an abuse of dominance where a dominant undertaking uses data to exclude rivals, discriminate against business users or exploit consumers.
Examples may include:
Using non-public seller data to compete against sellers on a marketplace.
Denying rivals access to indispensable data without objective justification.
Combining data across services to reinforce ecosystem power.
Applying discriminatory access to advertising or platform data.
Using data to self-preference affiliated services.
Restricting data portability to increase switching costs.
Collecting excessive data as a condition of using a service.
Leveraging data from one market into another market.
In a platform environment, data may be especially sensitive where the platform is both an intermediary and a competitor. If the platform hosts third-party sellers and also sells its own products, access to non-public seller data may allow the platform to identify profitable products, copy strategies or target customers more effectively.
6. The Meta / WhatsApp Data-Sharing Example
Data-sharing issues have already appeared in Turkish competition enforcement. In the Meta / WhatsApp matter, the Competition Board examined concerns that users in Turkey would be required to accept the sharing of WhatsApp data with other Meta companies as a condition of continuing to use WhatsApp. The Authority’s English reasoned decision states that an investigation was opened to determine whether the data-sharing requirement constituted an infringement under Article 6 of Law No. 4054, and the Board also adopted an interim measure.
This example is important because it shows how data protection, consumer choice and competition law can overlap. A privacy policy change may also raise competition concerns if a dominant undertaking uses data integration to strengthen market power, reduce user choice or leverage data across services.
7. Competition Law and Personal Data Protection Law
Turkish competition law and personal data protection law have different purposes. Competition law protects the competitive process, while Personal Data Protection Law No. 6698 protects fundamental rights and freedoms in relation to personal data processing. The official English text of Law No. 6698 states that its purpose is to protect fundamental rights and freedoms, particularly privacy, and to set obligations and principles for persons processing personal data.
A data practice may comply with data protection law but still create competition law concerns. Conversely, a data practice may raise privacy concerns even if it does not restrict competition. Companies should therefore avoid treating KVKK compliance as a substitute for competition compliance.
For example, obtaining consent for data processing does not automatically solve an abuse of dominance issue if the user has no real alternative. Similarly, anonymizing data may reduce privacy risk but may not eliminate competition risk if aggregated data still enables competitor coordination.
8. Cooperation Between Turkish Authorities
The interaction between competition law and data protection has become more institutionalized. The Turkish Competition Authority’s 2023 Annual Report states that the Competition Authority signed a “Cooperation and Information Sharing Protocol” with the Personal Data Protection Authority on October 26, 2023.
This development matters for companies because data practices may now attract attention from multiple regulators. A digital platform, fintech company, marketplace, healthtech business or online advertiser may face both competition and data protection scrutiny.
9. Data Sharing in Online Advertising
Online advertising is one of the most data-intensive markets. Platforms collect and process search queries, browsing behavior, location data, device data, conversion data, ad performance data, audience segments and publisher inventory data. These data flows may support more efficient advertising, but they may also create competition concerns.
Competition risks in online advertising include:
Self-preferencing by vertically integrated adtech platforms.
Exclusive access to user data.
Discriminatory access to ad inventory.
Opaque auction mechanisms.
Combining user data across services.
Restricting third-party measurement.
Denying rivals access to necessary data.
Using advertiser or publisher data to favor affiliated services.
The Turkish Competition Authority has conducted sector inquiry work on online advertising, reflecting the importance of data and platform power in this sector.
10. Data Pools and Industry Databases
Data pools may be lawful and efficient where they improve market transparency, fraud prevention, credit assessment, logistics, safety, research or product development. However, industry-wide databases can also become tools for coordination.
For example, a shared database among competitors may be risky if it contains real-time prices, customer-specific sales, future production plans or individual market shares. A data pool may be safer if it is historical, aggregated, anonymized, managed by an independent third party and does not allow reverse engineering of individual competitor data.
The legal risk depends on the nature of the data, market concentration, frequency of exchange, identifiability, timing and commercial use. A data pool in a concentrated market with few participants may be risky even if the data is formally aggregated, because participants may still infer each other’s figures.
11. Benchmarking and Big Data Analytics
Benchmarking is common in many sectors. Companies may use benchmarking reports to compare performance, costs, wages, logistics efficiency, sales trends or customer behavior. Benchmarking can be legitimate if it does not reveal competitively sensitive information.
Competition-compliant benchmarking should generally use:
Historical data.
Aggregated data.
Anonymized data.
A sufficient number of participants.
Independent third-party management.
No disclosure of individual company data.
No future pricing or strategy information.
No customer-specific confidential information.
Companies should be especially careful with automated dashboards. A dashboard that updates competitor-specific prices, stock or sales in real time may be much riskier than a historical annual market report.
12. Algorithmic Pricing and Data Sharing
Big data often feeds pricing algorithms. Algorithmic pricing is not unlawful by itself. But it may create Article 4 risks if competitors use shared data or common algorithms to align prices.
Risky scenarios include:
Competitors using the same pricing software that relies on their non-public data.
A platform recommending prices to sellers based on seller-specific confidential data.
A data provider collecting future pricing inputs from competitors.
Algorithms monitoring competitor deviations and supporting price discipline.
A marketplace sharing seller pricing data in a way that facilitates coordination.
The fact that a machine processes the data does not eliminate legal responsibility. If the economic effect is coordination between competitors, the use of algorithms may increase rather than reduce competition law exposure.
13. Data Sharing in Labor Markets
Data sharing risks are not limited to product markets. Employers compete in labor markets. Exchanging salary data, bonus policies, wage increase plans, hiring strategies or employee benefit information may restrict competition for labor.
The Turkish Competition Authority’s labor market guidance confirms that information may be exchanged directly or indirectly through platforms, associations, market survey organizations, private employment agencies, websites, media or algorithms, and that wage and working-condition information may be competitively sensitive.
Therefore, HR data analytics and salary benchmarking should be structured carefully. Current or future wage information exchanged directly between competing employers may create serious Article 4 risk.
14. Data Portability and Access to Data
Data portability can reduce switching costs and support competition. If users or business users can transfer their data to another service, they may be less locked into a dominant platform. However, competition-law data access and data protection portability rights are not identical.
The Turkish Competition Authority’s digital transformation report distinguishes data portability from broader competition-law requests for access to large datasets.
In competition law, forced access to data is usually exceptional. A company seeking access must show that the data is indispensable for effective competition, that there is no realistic alternative, that refusal forecloses competition and that there is no objective justification. Privacy, cybersecurity, trade secrets and investment incentives must also be considered.
15. Nadirkitap and Data Portability Concerns
The Turkish Competition Authority has addressed data portability and platform dependency in practice. The Authority’s 2022 Annual Report states that, as a result of an investigation, Nadirkitap was found to have abused its dominant position under Article 6 of Law No. 4054.
This matter is significant because it reflects how data portability, platform dependency and access to user-created or business-user-related data may become competition law issues. In digital platforms, business users may depend not only on access to the platform but also on access to historical data, ratings, reviews, transaction records or customer information.
16. Data-Driven Self-Preferencing
Self-preferencing occurs when a platform favors its own products or services over third-party business users. Data can make self-preferencing more powerful. A marketplace may observe sellers’ sales performance and then launch competing private-label products. A platform may use non-public data to improve its own ads, rankings or offers. A software ecosystem may use developer data to compete against app developers.
Self-preferencing may be assessed under Article 6 where the platform is dominant. The key questions are whether the platform has market power, whether the data is non-public and competitively sensitive, whether the conduct disadvantages third-party business users, and whether objective justification exists.
A platform should consider internal data firewalls between marketplace teams and retail teams. It should also document legitimate reasons for ranking, recommendation and product-development decisions.
17. Big Data and Merger Control
Data is increasingly important in merger control. A transaction may not raise obvious price effects but may combine large datasets, strengthen a platform ecosystem, reduce potential competition or create data-driven entry barriers.
Turkish merger control rules apply to transactions that may significantly lessen competition. In technology markets, the target’s current turnover may not reflect its future competitive importance. This is especially relevant for startups, fintech companies, online platforms, health technologies, gaming studios, AI businesses and data analytics companies.
A merger involving data-rich businesses should assess:
Whether the parties’ datasets are complementary or substitutable.
Whether the combined dataset is unique.
Whether rivals can access comparable data.
Whether the transaction strengthens network effects.
Whether data integration may foreclose competitors.
Whether privacy or user-choice issues affect competition.
Whether the target is a potential competitor.
Whether remedies or data-access commitments may be needed.
18. Big Data and Potential Competition
Data may affect potential competition. A startup with limited revenue but valuable data may become a future competitor. If an incumbent platform acquires that startup, the transaction may eliminate future rivalry. The Turkish Competition Authority has studied potential competition concerns in digital markets and e-marketplace sector inquiry findings.
This is especially important for acquisitions of data analytics companies, AI startups, fintech platforms, digital advertising tools, healthtech databases or marketplace infrastructure providers. Even where the target is small, its data assets may be strategically important.
19. Excessive Data Collection as a Competition Issue
Excessive data collection may be relevant to competition law when data is treated as a non-price dimension of service quality. A dominant platform may offer a zero-price service but require users to provide extensive data. If users have limited alternatives, the platform may exploit them through excessive data collection or forced consent.
This theory overlaps with data protection law but is not identical. The competition question is whether the data practice reflects market power, reduces quality, limits consumer choice or strengthens dominance. The privacy question is whether the processing complies with Law No. 6698.
Companies should avoid assuming that “free” services have no competition law risk. In digital markets, users may pay with attention, data and reduced privacy.
20. Data Sharing Between Group Companies
Data sharing within corporate groups may also raise risks. A group may combine data across e-commerce, payment, logistics, advertising, social media, messaging, cloud and retail services. Such integration may generate efficiencies, but it may also strengthen ecosystem power.
The Meta / WhatsApp investigation demonstrates that intra-group data sharing can become a competition law issue where users are required to accept data integration as a condition of service.
Group-wide data governance should therefore consider both privacy and competition risks. Consent, transparency, purpose limitation and user choice are important, but competition analysis should also examine dominance, lock-in, switching costs and market leveraging.
21. Data Sharing in Joint Ventures and Cooperation Agreements
Competitors may need to share data in joint ventures, R&D projects, logistics cooperation, sustainability initiatives, fraud prevention systems or payment infrastructures. Such cooperation may be lawful if the data sharing is necessary and proportionate.
However, parties should not exchange information beyond what is needed for the cooperation. A joint venture for logistics planning may need shipment volume forecasts, but it may not need future retail prices. A fraud-prevention data pool may need fraud indicators, but not customer-specific pricing strategies. An R&D collaboration may need technical data, but not unrelated sales plans.
Clean teams, data minimization, access controls, aggregation and confidentiality protocols are important safeguards.
22. Data Protection Compliance Is Not Enough
A company may comply with KVKK and still violate competition law. For example, a company may lawfully process personal data with consent, but if it is dominant and users have no realistic alternative, the consent mechanism may be examined from a competition perspective. A data-sharing arrangement may anonymize personal data, but still allow competitors to coordinate market behavior. A platform may comply with privacy rules but use business-user data to exclude rivals.
For this reason, businesses should conduct two separate analyses:
Is the data processing lawful under data protection law?
Does the data practice restrict competition or reinforce market power?
Only when both questions are answered properly can the company reduce legal risk.
23. Competition Compliance Program for Data Practices
A data-focused competition compliance program should include:
Mapping of collected data.
Classification of personal, non-personal, sensitive commercial and aggregated data.
Review of data sharing with competitors.
Review of third-party data pools and benchmarking.
Assessment of platform data use.
Controls on non-public seller data.
Algorithmic pricing review.
Data portability and access rules.
Merger control screening for data-rich transactions.
HR data exchange controls.
KVKK and competition law coordination.
Dawn raid preparedness for digital evidence.
Training for legal, data, product, engineering, HR, marketing and sales teams.
Data governance should not be left only to IT or privacy teams. Competition lawyers should be involved where data has strategic market value.
24. Practical Checklist for Data Sharing
Before sharing data, companies should ask:
Who will receive the data?
Is the recipient a competitor?
Is the data current or future-oriented?
Is it commercially sensitive?
Can individual company data be identified?
Is the data aggregated and anonymized?
Is a third party managing the exchange?
Is the data necessary for a legitimate cooperation?
Could the exchange reduce market uncertainty?
Could it help competitors align prices, wages or output?
Does the exchange involve personal data under Law No. 6698?
Has legal review been completed?
If the data is sensitive, identifiable, current and shared with competitors, the risk is high.
25. Practical Checklist for Big Data and Platforms
Platforms and data-rich businesses should ask:
Do we have market power because of data?
Can rivals replicate our dataset?
Do we use non-public business-user data for our own competing services?
Do we combine data across different services?
Can users or sellers port their data?
Do our APIs or data access rules disadvantage rivals?
Do we use data to self-preference?
Do we restrict third-party measurement or interoperability?
Do our algorithms create discriminatory or exclusionary effects?
Would a data-related acquisition raise merger control concerns?
Do we document objective justifications for data restrictions?
If these questions reveal platform dependency or data foreclosure risks, the company should conduct a detailed Article 6 and merger control analysis.
26. Administrative Fines and Legal Consequences
Data-related competition law violations may lead to serious consequences. Under Law No. 4054, violations of Articles 4, 6 and 7 may lead to administrative fines of up to 10% of annual gross revenues. The Competition Board may also impose behavioral remedies, interim measures, commitments or obligations to terminate unlawful conduct.
Data-related remedies may be commercially significant. They may require changes to data-sharing rules, platform access conditions, seller data firewalls, portability systems, algorithmic ranking, advertising data access, APIs, consent mechanisms or merger remedies.
Conclusion
Competition law risks in data sharing and big data practices in Turkey are now central to digital business compliance. Data is not merely a technical asset. It can be a source of market power, a tool for coordination, an entry barrier, an exclusionary weapon or a dimension of consumer welfare.
Under Article 4 of Law No. 4054, data sharing between competitors may violate competition law if it reduces strategic uncertainty or facilitates coordination. Sensitive data such as prices, costs, customers, sales volumes, wages, stock levels and future plans should not be exchanged directly or indirectly without strict safeguards.
Under Article 6, big data may support dominance and may create abuse concerns where a dominant undertaking uses data to foreclose rivals, self-preference, deny access, discriminate, exploit users or strengthen ecosystem power. Turkish enforcement and policy materials already show that data ownership, network effects, data integration and digital platform power are key competition issues.
At the same time, data practices must comply with Personal Data Protection Law No. 6698. Privacy compliance and competition compliance are connected, but they are not the same. A lawful data-processing activity may still raise competition concerns, and an anonymized dataset may still create antitrust risk if it enables coordination.
For companies operating in Turkey, proactive governance is essential. Data sharing should be reviewed before implementation. Big data practices should be assessed for market power and exclusionary effects. Platforms should control the use of non-public business-user data. HR and salary data exchanges should be carefully structured. Algorithms and pricing tools should be audited. M&A transactions involving data-rich businesses should be screened for Turkish merger control.
In Turkey’s digital economy, data compliance is no longer only a privacy issue. It is a competition law issue, a merger control issue, a platform governance issue and a strategic business risk. A well-designed compliance program can allow companies to use data lawfully and efficiently while reducing the risk of Turkish Competition Authority investigations, administrative fines, private damages claims and reputational harm.
Yanıt yok