With PayPal’s surprise decision to cease its Turkey operations, data transfer and localization policies of the Turkish government have started to receive more attention. It has been claimed that PayPal’s failure to obtain an operating license in Turkey for its e-money operations are connected to local data storage requirements. But data policy has also been on the political agenda of the country as data privacy requirements have surfaced as one of the unfulfilled components of the fragile refugee deal with Europe. EDAM’s latest cyber policy brief examines data transfer and data localization issues against this backdrop. Co-authored by Akin Unver, EDAM Board Member and Kadir Has University and Grace Kim, EDAM research fellow, the policy brief also includes a set of key recommendations on data policy.