The Board of Protection of Personal Data Has Published New Decisions 10 April 2020
The Board of Protection of Personal Data Has Published New Decisions
Pursuant to Articles 15 and 22 of the Law on Protection of Personal Data No. 6698 (the “Law”), the Board of Protection of Personal Data (the “Board”) is entitled to conduct necessary inspections within the scope of its remit, either ex officio in case it learns independently of possible violations or upon complaint, and to impose administrative fines in cases of breach. The Board publishes, on its website, summaries of its post-investigation decisions, which are considered to be important and to establish precedents.
We hereby present summaries of several of these Board decisions.
Board Decision No. 2019/138, about unlawful access of an employee’s WhatsApp correspondence by a company owner, published on 16.05.2019 by the Board
Pursuant to a complaint made to the Board related to the claims about the unlawful obtaining of employee WhatsApp correspondence, which was subsequently shared with third parties, the Board initiated an investigation.
After the investigation, the Board concluded when an employer reads the correspondence of an employee made through the employee’s computer at the workplace, taking photos and/or screenshots, the employer has committed a crime under Turkish
Criminal Law No. 5237; when so deciding, the Board observed the complaint cannot be evaluated pursuant to Articles 15/1 and 15/2 of the Law, which provides the Board
is to make the necessary examination of alleged violations of the Law are it learned of them upon receiving a complaint, when complaint does not meet the requirements set forth in Article 6 of the Law on the Use of Right to Petition. In its decision, the Board found that the employer’s WhatsApp user is not a data controller, and reading the correspondence, taking photos and saving screenshots cannot be considered data processing.
Board Decision No. 2019/106, about claims that an intermediary service provider’s website requires visitors to log in and does not allow them to
proceed to homepage without filling in -mail section asking for their email addresses, published on 08.07.2019 by the Board
In a complaint made to the Board, the complainant alleged that an intermediary service provider’s website requires its visitors to log in and does not allow them to proceed to homepage without first providing their e-mail addresses, which means the provision of personal data is a condition for the use of service, with legal bases for processing the personal data not clearly stated in the data processing notice.
As a result of its examination, the Board found that offering or making utilization of a product or service conditioned on the provision of personal data violated the explicit consent requirement, i.e., the rule requiring that explicit consent be an exercise of free will. Although the website subject to the review does not appear to be a direct supplier/provider of goods and services, the Board observed the site acts as an intermediary service provider, allowing the purchase of various services offered by a variety of service providers in other locations, and in different sectors. In this regard, however, based on the Board’s assessment that the discounted prices and advantages offered within the website are only offered to its members, rather than being the provision or utilization of a product or service provided pursuant to explicit consent, the Board decided there is no action to be taken under the Law regarding the subject matter.
In addition, when text on the website, titled “Our Privacy and KVK Policy”, , was examined by the Board within the framework of the “relevant legislation” , the Board observed it had not been specified whether the personal information processed by the website was processed within the framework of the obligations arising under that legislation or was based on the explicit consent of the relevant persons, or what part of the personal data in question was processed in accordance with any such explicit consent . In this context, the Board concluded if the personal data processing activity was based on anything other than the explicit consent provided for in the Law, there would be no need to obtain explicit consent from the person concerned, as that would be deceptive and a misuse of the explicit consent requirement. As a matter of fact, it must be emphasised that, if the explicit consent of the relevant person is withdrawn, it would mean the data controller who continues the data processing activity of the personal information in question based on one of the other personal data processing conditions, would be violating the Law.
The Board decided to instruct the website to update the text of its “Privacy and KVK Policy” by taking into account the provisions found in the “Communique on Principles and Procedures to be Followed in Fullfillment of the Obligation to Inform” and the website’s obligation to properly inform and obtain explicit consent. As the Board has stated in many resolutions, the provisions on websites related to privacy must be written clearly and understandable, as well as being as short and concise as possible, and most importantly be in accordance with the Law, including the obligation to use titles such as “KVKK Information Text”, “Our KVKK Policy”, and “Privacy and Information about KVKK”.. IN other words, the Board has made it clear that privacy relate notices should be presented to the relevant persons in a clear, simple and understandable manner, and in accordance with the provisions of the Law and related secondary legislation.
Board Decision No. 2019/273, on the requests of relatives to access their deceased ones’ personal data, published on 18.09.2019 by the Board
In an appeal made to the Board by the spouse of the deceased, the living spouse requested medical records and other information of the deceased spouse from a medical clinic by registered letter with return receipt. However, the clinic did not answer. Thereupon, the spouce forwarded an e-mail containing the aforementioned requests to the clinic's electronic address, after which the request was rejected by the clinic, which stated it could not share such information in absence of an official request. The living spouse then /she appealed to the Board for access to the personal data of the deceased spouse.
The Board considered Article 3 of the Law , and determed the relevant person is defined as “real person whose personal data is processed” and decided the living spouse’s request would not qualify be considered as a request under Article 11 of the Law, since the requested personal data was not related to the living spouse and, instead, belongs to the deceased spouse. The Board took into consideration the provision in the definition of personal data regarding being related to the “real person”, and then considered the definition of personality set forth in the Civil Code, which provides personality begins with birth and ends at death, it conluded the personal data of deceased persons cannot be considered as personal data within the scope of the Law, and the rights specified in Article 11 of the Law cannot be utilized.
Other News
-
5.9.2025
Competition in the Labor Market: HR Practices to Avoid
The Turkish Competition Authority ("Authority"), which is entrusted with ensuring the proper functioning of markets, identifying practices that restrict competition, and imposing sanctions against infringements, operates under Law No. 4054 on the Protection of Competition ("Law") without distinction between input and output markets. Labor markets have recently emerged as one of the primary arenas in which entities compete in input markets and, with the influence of various additional dynamics, have become a market increasingly prioritized by the Authority. The Guidelines on Competition Violations in Labor Markets ("Guidelines"), adopted by the Authority on November 21, 2024, serve as an important reference for the prevention of competition infringements in labor markets. In this bulletin, in light of the Guidelines and decisions of the Competition Board ("Board") within the Authority, (i) the fundamental principles and information regarding the application of competition law to labor markets, and (ii) the main prohibited practices to be observed when competing in labor markets will be addressed.
-
29.8.2025
Does An Employee's Extended Period Of Sick Leave Grant The Employer The Right To Terminate The Emploment Contract?
In employer-employee relations, the direct impact of long-term medical reports on the status of the employment contract holds critical importance for both employees and employers. In particular, uninterrupted periods of sick leave lasting for a certain duration are regulated under Article 25/I(b) of the Labour Law as a specific provision that grants the employer the right to immediate termination for just cause and determines the rights to be granted to the employee. In this context, how the employer may exercise the right of termination for just cause following the employee's extended medical leave and the legal basis of this process should be examined in detail.
-
27.8.2025
Regulation On Direct Selling Was Published
The Regulation on Direct Selling ("Regulation"), issued by the Ministry of Trade ("Ministry") pursuant to Articles 47/A and 84 of the Consumer Protection Law No. 6502, was published in the Official Gazette dated 08.08.2025 and numbered 32980, thereby entering into force.
-
18.8.2025
SMS Verification Codes and the Personal Data Protection Board's Guideline Decision No. 2025/1072
The Personal Data Protection Board's Guideline Decision dated 10 June 2025 and numbered 2025/1072 introduces significant regulations regarding personal data processing activities conducted through SMS verification codes, which have become a widespread practice in commercial life. The decision requires significant adjustments to customer relationship management, particularly in the service and retail industries.
-
11.8.2025
Mergers And Acquisitions Of Companies Engaged In Renewable Energy Gereration
In recent years, notable developments in Turkey's electricity market have extended beyond investments aimed solely at increasing generation capacity. The sector has also come into focus through strategic investments and merger and acquisition (M&A) transactions involving companies operating in the field of renewable energy.
-
31.7.2025
Annual Leave, Severance Pay, and Notice Pay in Part - Time Employment Contracts
Part-Time Employment Contract Article 13 of the Labor Law No. 4857 defines a part-time employment contract as "a contract in which the employee's normal weekly working hours are significantly less than those of a full-time employee performing similar work."
-
30.7.2025
Legal Remedies And The Official Appeal Process For Property Tax Values
a. General Overview Following the enactment of Law No. 4751 in 2002, which amended the Tax Procedure Law, the Property Tax Law, and the Fees Law, the declaration-based system for determining the property tax base was abolished, and the tariff and assesment procedure implemented by administrative authorities was adopted.
-
25.7.2025
Labour Law No. 4857 Amended! Electronic Notification Opportunity Introduced With Rem
Article 109 of the Labour Law No. 4857 has been amended, together with its title and content, by the Law Amending the Law on the Protection of the Value of Turkish Currency and Certain Laws and the Decree Law No. 635 published in the Official Gazette dated 24 July 2025. With this important amendment, the procedures regarding the form of notifications to be made between employers and employees have been redefined.
-
16.7.2025
Terminatıon Right Of The Employer Due To Conviction And Detention And Legal Consequences
In labour law practice, which is a dynamic field based on the principle of protecting the balance between the employee and the employer, the employee's failure to fulfill their obligation to perform work-especially when this results from circumstances that restrict individual freedom, such as conviction or detention-has significant legal consequences regarding the termination of the employment contract.
-
14.7.2025
Radical Change In The Labor Law Dated 14.07.2025: Flexible Week Holiday Period Has Started In The Tourism Sector!
With the Law No. 7553 on the "Amendment of Certain Laws and Decree Law No. 375" published in the Official Gazette on July 14, 2025, important innovations have been introduced in the Labor Law and some other laws. In this context; as of 14.07.2025, with the provision added to the article Article 46 of the Labor Law which regulates the week holiday, flexible week holiday specific to the tourism sector have been introduced.
-
9.7.2025
Climate Law Enacted
The Climate Law No. 7552 ("Law"), which includes regulations on the procedures and principles related to the reduction of greenhouse gas emissions in the fight against climate change, climate adaptation activities, planning and implementation tools, revenues, permits and inspections, and the legal and institutional framework surrounding these, was published in the Official Gazette dated July 9, 2025, No. 32951, and entered into force. This Law sets out general principles and objectives from a casuistic perspective, preferring to leave detailed and technical regulations to secondary legislation.
-
7.7.2025
Mediation Practices In The Land Registry
Pursuant to the amendments introduced by Law on Amendments to the Enforcement and Bankruptcy Law and to Certain Other Laws which was published in the Official Gazette dated 05.04.2023, numbered 32154 to the Law on Mediation in Civil Disputes dated 7/6/2012 and numbered 6325 ("Law"), the scope of disputes that may be resolved through procedural- mandatory- and voluntary mediation has been expanded.
-
27.6.2025
Effects Of The Concordatum Period On Pledgees
Pursuant to Article 285 of the Enforcement and Bankruptcy Law (EBL), a debtor who is unable to pay their debts on time or is at risk of default may request a concordatum. During the period granted to the debtor upon such request, no enforcement proceedings may be initiated, and ongoing proceedings are suspended, in accordance with Article 294/1 of the EBL.
-
18.6.2025
M&A Dynamics in Publicly Traded Companies: New Investment Strategies Through Borsa Istanbul
In recent years, IPOs in Turkey have reached record levels. In 2023 and 2024, a large number of companies started trading in Borsa Istanbul as a result of initial public offerings (IPO) transactions. These IPOs, which attracted great interest from small investors, stand out as important strategic moves in which companies gain transparency and visibility, and also play a role as an important financing tool. With IPOs, publicly traded companies / partnerships are now drawing the attention of not only small investors but also domestic/foreign strategic and financial investors.
-
16.6.2025
The Court Of Cassation Abandoned Its Long-Standing Precedent Regarding Construction Conracts In Return For Land Shares, Known As "Advance Deed"
Construction contracts in return for land shares are a common practice in the construction sector in Turkey.
