Obtaining valuable data from large-scale data systems is defined as data mining. Data mining is a technique that transforms data into concrete information, often by processing large data sets. Data mining, which is used in various forms in the market, provides benefits in all kinds of electronic media-based business. It consists of data collection, data storage and data analysis.
Nowadays, data mining, which is a way to create value from data, compiles data from multiple sources. Legal consequences may arise during the unauthorised processing of data contained in websites such as personal data, intellectual and artistic works, trade secrets, terms of service and terms of use, confidentiality agreements. In this sense, the legal violations that may be caused by data mining and their qualifications are listed below:
1. Personal Data Protection Violations
It is possible that multiple personal data may be processed during data mining. The Law No. 6698 on the Protection of Personal Data (‘KVKK’) and the General Data Protection Regulation (‘GDPR’), which was approved by the European Union parliament and entered into force, are regulated in our legislation regarding the processing of data. In this context, it is necessary to protect the rights of the data subject and obtain consent from the data subject during data processing. Personal data, which are frequently used in data mining, may be processed without the consent of the data subject in the cases stipulated in the law or in the presence of the data subject’s existing consent. However, use outside these cases will violate data confidentiality. Since personal data is the private information of the data subject and must be protected, it is necessary to obtain the consent of the data subject by informing how and for what purpose the personal data is processed. In addition, individuals have the right to prevent their personal information about themselves from being obtained by someone else.
According to Article 8 of the KVKK, data cannot be transferred without the explicit consent of the persons. However, it is possible to process personal data in cases regulated in the law or where the explicit consent of the person is obtained. In this context, information on how and at what stage personal data will be processed is within the scope of the data subject’s right to request information. They also reserve the right to request the deletion of the data in accordance with the right to be forgotten.
The GDPR emphasises the need for special protection in the processing of personal data, especially sensitive personal data in terms of fundamental rights and freedoms. According to the GDPR, sensitive personal data consists of data such as race, ethnic origin, political opinion, religious belief, biometric or health data, and the explicit consent of the data subject is required for data processing, in cases where it is expressly foreseen in order to allow the exercise of fundamental freedoms.
2. Criminal Law
Through data mining, hidden information can be revealed from the data. Meaning extraction can be performed with statistical and mathematical techniques. The obtained data gain meaning with modelling techniques and the results are evaluated.
As a result of a firm’s data mining and modelling is requested, critical information of the company can be obtained. If the results are shared with competitors as data output, confidentiality breaches occur. In order to prevent this situation, making confidentiality agreements and adding noise to the data will help prevent it.
It will be possible to cause material and moral damage to persons that data obtained. This situation is characterised as cybercrime. Among the offences regulated in the Turkish Penal Code (‘TPC’): Article 132 of the TPC violates the confidentiality of communication, Article 134 of the TPC violates the privacy of private life, Article 135 of the TPC records personal data, Article 136 of the TPC illegally gives or seizes data, Article 142 of the TPC qualified theft, Article 158 of the TPC qualified fraud, Article 243 of the TPC causes multiple crimes such as entering the information system.
3. Intellectual Property Rights and Copyright Violations
During data mining, big data is processed. In this context, violations may occur due to the unauthorised use of works, books and elements that will be the subject of multiple intellectual property rights and the use of data content. Therefore, the works, etc., which will be the subject of intellectual property rights, should be protected separately. With the Digital Copyright in the Single Market (DSM) Directive (DSM Directive No. 2019/790/EU), the European Union has regulated the protection of intellectual and artistic works.
With the Digital Copyright (DSM) Directive, it is emphasised that although data mining will benefit universities and socio-cultural studies, there may be gaps in legal issues. In addition, if there is no limitation or exception, it is necessary to obtain permission from intellectual and industrial property right holders to process their data and to be used for data mining operations.
- Data Mining with Web Scraping Method
The process of collecting data on the internet is called web scraping. In this method, which uses tools and technologies specially designed for data collection, it can extract the necessary information by analysing the website system structures (HTML, CSS). During the use of this method, if the data on the websites contain copyright, it may cause infringement. If the copyrighted data is to be analysed or used for data mining, permission must be obtained from the data owner.
At the same time, as a result of the inclusion of information that may contain intellectual industrial rights or copyrights on the website, if the data processed during data mining contains trade secrets, it violates the Turkish Commercial Code and the Law on Intellectual and Industrial Rights because it can provide competitive advantages. In this case, permission will also be required.
4. Competition Law Violations
There are violations due to the fact that companies that gain power by using big data may create vulnerabilities in responsible data processing and thus in data mining. A ‘data monopoly’ may occur when companies or places that process big data and control large-scale data during the processing of this data.
Data monopoly can be defined as the unfair competitive advantage of data mining companies with large data sets over smaller companies. With the formation of a data monopoly, firms with large data sets can restrict the entry of rival firms into the market and restrict their activities in the market.
5. Breaches of Contract Law
Websites provide terms of service and customers agreements that specify how many users’ data can be used, and these must be accepted. Since it may be possible to breach the terms of service and user agreement during data mining, there may be a breach of contractual obligations.
