The Board of Protection of Personal Data Has Published New Decisions 10 April 2020
The Board of Protection of Personal Data Has Published New Decisions
Pursuant to Articles 15 and 22 of the Law on Protection of Personal Data No. 6698 (the “Law”), the Board of Protection of Personal Data (the “Board”) is entitled to conduct necessary inspections within the scope of its remit, either ex officio in case it learns independently of possible violations or upon complaint, and to impose administrative fines in cases of breach. The Board publishes, on its website, summaries of its post-investigation decisions, which are considered to be important and to establish precedents.
We hereby present summaries of several of these Board decisions.
Board Decision No. 2019/138, about unlawful access of an employee’s WhatsApp correspondence by a company owner, published on 16.05.2019 by the Board
Pursuant to a complaint made to the Board related to the claims about the unlawful obtaining of employee WhatsApp correspondence, which was subsequently shared with third parties, the Board initiated an investigation.
After the investigation, the Board concluded when an employer reads the correspondence of an employee made through the employee’s computer at the workplace, taking photos and/or screenshots, the employer has committed a crime under Turkish
Criminal Law No. 5237; when so deciding, the Board observed the complaint cannot be evaluated pursuant to Articles 15/1 and 15/2 of the Law, which provides the Board
is to make the necessary examination of alleged violations of the Law are it learned of them upon receiving a complaint, when complaint does not meet the requirements set forth in Article 6 of the Law on the Use of Right to Petition. In its decision, the Board found that the employer’s WhatsApp user is not a data controller, and reading the correspondence, taking photos and saving screenshots cannot be considered data processing.
Board Decision No. 2019/106, about claims that an intermediary service provider’s website requires visitors to log in and does not allow them to
proceed to homepage without filling in -mail section asking for their email addresses, published on 08.07.2019 by the Board
In a complaint made to the Board, the complainant alleged that an intermediary service provider’s website requires its visitors to log in and does not allow them to proceed to homepage without first providing their e-mail addresses, which means the provision of personal data is a condition for the use of service, with legal bases for processing the personal data not clearly stated in the data processing notice.
As a result of its examination, the Board found that offering or making utilization of a product or service conditioned on the provision of personal data violated the explicit consent requirement, i.e., the rule requiring that explicit consent be an exercise of free will. Although the website subject to the review does not appear to be a direct supplier/provider of goods and services, the Board observed the site acts as an intermediary service provider, allowing the purchase of various services offered by a variety of service providers in other locations, and in different sectors. In this regard, however, based on the Board’s assessment that the discounted prices and advantages offered within the website are only offered to its members, rather than being the provision or utilization of a product or service provided pursuant to explicit consent, the Board decided there is no action to be taken under the Law regarding the subject matter.
In addition, when text on the website, titled “Our Privacy and KVK Policy”, , was examined by the Board within the framework of the “relevant legislation” , the Board observed it had not been specified whether the personal information processed by the website was processed within the framework of the obligations arising under that legislation or was based on the explicit consent of the relevant persons, or what part of the personal data in question was processed in accordance with any such explicit consent . In this context, the Board concluded if the personal data processing activity was based on anything other than the explicit consent provided for in the Law, there would be no need to obtain explicit consent from the person concerned, as that would be deceptive and a misuse of the explicit consent requirement. As a matter of fact, it must be emphasised that, if the explicit consent of the relevant person is withdrawn, it would mean the data controller who continues the data processing activity of the personal information in question based on one of the other personal data processing conditions, would be violating the Law.
The Board decided to instruct the website to update the text of its “Privacy and KVK Policy” by taking into account the provisions found in the “Communique on Principles and Procedures to be Followed in Fullfillment of the Obligation to Inform” and the website’s obligation to properly inform and obtain explicit consent. As the Board has stated in many resolutions, the provisions on websites related to privacy must be written clearly and understandable, as well as being as short and concise as possible, and most importantly be in accordance with the Law, including the obligation to use titles such as “KVKK Information Text”, “Our KVKK Policy”, and “Privacy and Information about KVKK”.. IN other words, the Board has made it clear that privacy relate notices should be presented to the relevant persons in a clear, simple and understandable manner, and in accordance with the provisions of the Law and related secondary legislation.
Board Decision No. 2019/273, on the requests of relatives to access their deceased ones’ personal data, published on 18.09.2019 by the Board
In an appeal made to the Board by the spouse of the deceased, the living spouse requested medical records and other information of the deceased spouse from a medical clinic by registered letter with return receipt. However, the clinic did not answer. Thereupon, the spouce forwarded an e-mail containing the aforementioned requests to the clinic's electronic address, after which the request was rejected by the clinic, which stated it could not share such information in absence of an official request. The living spouse then /she appealed to the Board for access to the personal data of the deceased spouse.
The Board considered Article 3 of the Law , and determed the relevant person is defined as “real person whose personal data is processed” and decided the living spouse’s request would not qualify be considered as a request under Article 11 of the Law, since the requested personal data was not related to the living spouse and, instead, belongs to the deceased spouse. The Board took into consideration the provision in the definition of personal data regarding being related to the “real person”, and then considered the definition of personality set forth in the Civil Code, which provides personality begins with birth and ends at death, it conluded the personal data of deceased persons cannot be considered as personal data within the scope of the Law, and the rights specified in Article 11 of the Law cannot be utilized.
Other News
-
8.12.2025
What is OFAC? Its Strategic Importance For Investors And Areas Of Application
As the world changes and with each passing day, one of the terms we encounter more frequently is "OFAC". In today's globalized world, investors seeking to make international investments come across OFAC or interact with it in one way or another. This is because the sanctions imposed by OFAC relate not only to U.S. citizens or U.S.-origin companies, but also to individuals who have direct or indirect economic or financial contact with the United States. So, what is this OFAC?
-
4.12.2025
Loans To Shareholders And Adat Invoice
In practice, it is quite common for companies to extend loans to their shareholders. In situations where the company becomes a creditor of its shareholders, adat interest must be calculated on the outstanding balance and an invoice must be issued. Accordingly, adat is a method used to calculate accrued interest based on the period during which company funds are utilized by shareholders or related parties, ensuring that any potential tax loss is compensated. These calculations are important for compliance with transfer pricing rules, accurate determination of the tax base, and the fulfillment of legal obligations such as Value Added Tax (“VAT”).
-
28.11.2025
Notification Process To The Central Securities Depository & Trade Repository Of Türkiye For Bearer Share Certificates And Legal Consequences
1. Issuance and Notification of Bearer Share Certificates Pursuant to Article 484 of the Turkish Commercial Code ("TCC"), joint stock companies have two types of share certificates: registered shares and bearer shares. While the transfer of registered shares is completed through delivery, certain conditions have been introduced under the Communiqué on the Notification and Registration of Bearer Share Certificates with the Central Securities Depository ("Communiqué") for the transfer of bearer shares. Within the scope of the Communiqué, the registration of bearer shares with the Central Securities Depository & Trade Reposıtory of Türkiye ("MKK"), the adoption of a board resolution, and the registration and announcement of this resolution before the relevant trade registry directorate and in the Turkish Trade Registry Gazette are required.
-
20.11.2025
The Letter Of Intent Procsess in Merger and Acquisition Transactions
Merger and acquisition ("M&A") transactions are multi-layered processes from both legal and commercial perspectives. Before the parties proceed to the contractual stage, they enter into a preparatory phase in order to articulate their transactional intentions, exchange commercial expectations, and establish the legal framework. This preparatory phase constitutes the initial stage in which the parties discuss the fundamental principles of the transaction structure, formulate their negotiation strategies, and assess the transactional risks.
-
14.11.2025
New Constitutional Court Decision On Violation Of The Right To A Reasoned Decision Published İn The Official Gazette
1. INTRODUCTION The reasoning constitutes the part of judicial decisions that demonstrates the cause and justification for resolving the matter in the manner indicated in the operative section, and it is an extension of adjudication. The fact that the reasoning is satisfactory and consistent is crucial for ensuring the right to be legally heard and the right to a fair trial. By setting forth the court's impartiality, a reasoned judgment enables the parties to understand and be satisfied with the material and legal grounds upon which they have won or lost the case, owing to reasoning that genuinely aligns with the contents of the file, as well as with logic and law.
-
7.11.2025
Decision Of The Constitutional Court Concercing Excluded Pernonnel
In the Constitutional Court's Judgment published in the Official Gazette dated 22 September 2025.
-
24.10.2025
The Obligation for the Principal and Subcontractor Employers to Jointly Participate in Mediation Has Been Annuled by the Constitutional Court
An important Constitutional Court decision has been published regarding the mediation process that an employee can apply to with a request for reinstatement after the termination of employment relations in the workplace. The Constitutional Court ruled that the provision in paragraph (15) of Article 3 of the Labor Courts Law No. 7036, which states, "In cases where there is a principal employer-subcontractor relationship, for a request for reinstatement to be submitted to a mediator, the employers must participate in the mediation talks together and their intentions must be compatible for an agreement to be reached," is unconstitutional. The decision was published in the Official Gazette dated October 17, 2025, and numbered 33050.
-
23.10.2025
The Constitutional Court Has Annulled The Provision Granting The President Authority To Restrict Foreign Exhange And Money Movements!
In its decision No. 2024/193 Merits 2025/136 Decision1 dated 17 June 2025 ("Decision"), published in the Official Gazette on 15 October 2025, the Constitutional Court ("Court") annulled Article 1 of Law No. 1567 on the Protection of the Value of the Turkish Currency ("Law"). The annulled provision had stated that: "The President is authorized to make decisions for the regulation and restriction of the export from or import into the country of currencies, securities, and bonds, and of the purchase and sale of foreign exchange, cash, securities, bonds, precious metals, precious stones, and any goods and valuables made of or containing them; as well as of commercial papers and all means and instruments used for payment, and to take decisions aimed at protecting the value of the Turkish currency."
-
21.10.2025
Seizure of Property Belonging to Persons Other than the Debtor and Protection of Legal Rights
In enforcement proceedings, the seizure of property that does not belong to the debtor but rather to third parties is a situation frequently encountered in practice that leads to significant aggrievements. Uncertainties arising from property regimes complicate ownership relations, making it difficult to accurately determine to whom the property belongs during enforcement measures. Within this framework, when seizure is imposed on property belonging to the debtor's spouse or another third party, the most important legal remedy is the ownership claim (assertion).
-
20.10.2025
Mergers and Acquisitions and the Notification Obligation within the Framework of Competition Law
Mergers and acquisitions (M&A) are at the center of the growth and restructuring strategies of companies. These transactions, serving the purpose of companies to expand both nationally and internationally to increase their market shares or to enter into new markets, not only give rise to economic and commercial consequences but also carry the potential to directly affect the competition dynamics in the relevant market. Therefore, merger and acquisition transactions may affect the competition structure in the market. In this respect, while M&A transactions create strategic opportunities, they are also among the areas carefully scrutinized by regulatory authorities to preserve competitive order.
-
17.10.2025
Important Amendment to the Organized Industrial Zones (OIZ) Implementation Regulation: Additional Time Granted To Participant
Published in the Official Gazette No. 33050, dated October 17, 2025, the "Regulation Amending the Organized Industrial Zones Implementation Regulation" introduces a new Provisional Article 13 to the existing regulation.This new provision allows OIZ participants who have not yet obtained a building permit or a workplace opening and operating license to apply for an extension period under certain conditions.
-
15.10.2025
Current Status Of The Obligation To Maintain Commercial Books In Electronic Form
1. INTRODUCTION With the Communiqué Amending the Communiqué on Keeping Commercial Books Not Related to the Accounting of the Enterprise in Electronic Form, published in the Official Gazette dated September 20, 2025 and numbered 33023 (“Amendment Communiqué”), significant amendments have been introduced to the Communiqué on Keeping Commercial Books Not Related to the Accounting of the Enterprise in Electronic Form, published in the Official Gazette dated February 14, 2025 and numbered 32813 (“Communiqué”).
-
25.9.2025
Social Security Procedures To Be Carried Out By The Employer Following A Reinstateme
Upon receiving notification of a final and binding reinstatement decision, if the employee communicates their intention to return to work within 10 business days, the employer may either reinstate the employee or refuse reinstatement by paying both the four months' idle period wages determined by the court and the compensation for non-reinstatement. As seen, the employer has two alternative courses of action in this situation; however, the procedures to be carried out before the Social Security Institution (SGK) differ in each case.
-
19.9.2025
The Court of Cassation has Ruled That The Competent Court Fot Cases Brought On The Grounds Of Volation Of The Non-Competition Clause Is The Commercial Court of First Instance
1. Introduction The duty not to compete is a type of loyalty obligation owed by the employee to the employer. The employee undertakes not to compete with the employer during the term of the employment contract as part of their loyalty obligation. However, Turkish law does not contain any legal provisions prohibiting the employee from competing with the employer after the employment contract has ended. However, the parties may freely agree that the employee will not compete with the employer after the termination of the employment contract. Articles 444-447 of the Turkish Code of Obligations also contain provisions and restrictions regarding non-competition agreements that may be established between the employee and the employer.
-
16.9.2025
Transfer Fee: Legal Characterization and Practical Application
1. Introduction The concept of a transfer fee is not directly defined in the Turkish Labor Code; its framework and legal nature in practice have largely been shaped by the decisions of the Court of Cassation (Turkey). This practice, which arises particularly in sectors with intense competition and limited skilled labor, is a type of payment that employers must carefully consider within the scope of their employment policies.
