Privacy in Turkey: overview

A Q&A guide to privacy in Turkey.

The Q&A guide gives a high-level overview of privacy rules and principles, including what national laws regulate the right to respect for private and family life and freedom of expression; to whom the rules apply and what privacy rights are granted and imposed. It also covers the jurisdictional scope of the privacy law rules and the remedies available to redress infringement.

To compare answers across multiple jurisdictions, visit the Privacy Country Q&A tool.

This article is part of the global guide to data protection. For a full list of contents, please visit www.practicallaw.com/dataprotection-guide.

Contents

Legislation

1. What national laws (if any) regulate the right to respect for private and family life and freedom of expression?

Turkish Constitution

The Turkish Constitution is the primary piece of legislation governing the framework of privacy regulations. It sets out privacy as a fundamental right.

Article 20 provides that every person has the right to demand respect for his/her private and family life. Privacy of personal and/or family life must not be violated. Individuals' private papers and belongings cannot be searched or seized without legal grounds regulated under the same article.

According to Article 21, immunity of residence must not be violated. The same article defines national security, public order, prevention of crime, protection of public health and public morals, and the protection of the rights and freedoms of others as exceptional legal grounds for interfering with the immunity of residence. In such circumstances, a judicial decision and/or legally authorised public agency would be necessary.

Article 22 sets out the freedom and privacy of communication. Every person has a right to communicate and the privacy of communication is essential.

European Convention on Human Rights

Based on its signatory status to the European Convention on Human Rights (ECHR), Turkey must comply with the relevant article of the ECHR, namely Article 8 setting out the right to respect for private and family life. In addition, Article 10, setting out freedom of expression, states that preventing the disclosure of information received in confidence is one of the legal exclusions for limiting the freedom of expression.

Turkish Criminal Code

The Turkish Criminal Code has provisions related to privacy under its ninth chapter entitled "offences against privacy and secrecy of life". The chapter introduces a set of rules and then penalties for infringements:

  • Article 132 sets out that any person who violates a secret communication will be punished with one to three years' imprisonment. If the violation occurs through a recording of the communication, the sentence is doubled.

  • Article 133 about the "tapping and recording of conversations between individuals", states that anyone who monitors a private conversation between persons without any consent through a device, or who records such a conversation by means of a recorder, will be sentenced to between two to five years' imprisonment. On the other hand, in the case of the unlawful disclosure of such recorded conversations, the violating person will be punished with between two to five years' imprisonment and be subject to a judicial monetary fine.

  • Article 134 on the "violation of privacy", states that any person who violates the confidentiality of private life will be punished with one to three years' imprisonment. The prison sentence is doubled if the violation is made through a visual and/or sound recording. On the other hand, if there is an unlawful disclosure of visual or sound recordings, the violating person will be punished with two to five years' imprisonment.

  • Article 135 about the recording of personal data states that the illegal recording of personal data could result in the violating person going to prison for between one to three years. Furthermore, in circumstances where illegal recordings have been made involving data relating to the political, philosophical or religious views, ethnic origins, moral inclinations, sex lives, or union affiliations of individuals, the prison sentence is increased by half (resulting in between one and a half years to four and a half years' imprisonment).

  • Article 136 regarding the "unlawful delivery or acquisition of data" sets out that the illegal transfer, dissemination and collection of personal data is punishable by two to four years' imprisonment.

  • Article 138 about the "destruction of data" states that individuals who are responsible for the deletion of personal data, but who fail to fulfil this duty following the expiry of the retention period, can be imprisoned for one to two years.

Turkish Civil Code

The Turkish Civil Code contains provisions, specifically Articles 23, 24 and 25, protecting privacy rights. Article 23 states that no individual can waive his or her freedom or restrict his or her freedom contrary to the law, while Article 24 states that the violation of personal rights is unlawful unless there was:

  • Consent from the person whose right has been violated.

  • A prevailing private or public benefit.

  • Authority granted by law.

Finally, Article 25 sets out the civil remedies in case of an infringement of personal rights.

Turkish Labour Law

Article 75 of the Labour Law about the personal files of the employees provides that employers are obliged not to disclose information belonging to their employees, if it is in the interest of the relevant employees for the information to remain confidential. This provision also sets out that employers should use their employees' personal data in good faith as well as in accordance with other applicable laws.

Article 93 set out the duties of competent officials. It states that the authorities and officials responsible for following up, supervising and inspecting working conditions must follow strict secrecy protocols with respect to all they have seen and learnt concerning the employer and the company's professional secrets and financial and commercial circumstances, unless it is necessary to disclose these matters in order to carry out official proceedings.

Law on the Protection of Personal Data (Data Protection Law)

This recently adopted law is closely modelled on the EU's Data Protection Directive. It is the main piece of legislation setting out the rules in relation to the processing of personal data. Other than legitimate grounds such as public health, the consent of the data subject is required for the processing of personal data.

Banking Law

Article 73 provides that customers' personal data must be protected and kept confidential by banking personnel. Article 159 regulates that an administrative fine as well as a prison sentence (from one to three years) will be applicable for those in breach of this obligation.

Bank Cards and Credit Cards Law

Article 23 provides that the issuer is obliged to keep confidential any information it collects. Such data cannot be used except for issuer's own marketing activities. The issuer must take all precautions necessary to prevent any party from accessing this data, except for those entitled to under the law. The same article states that merchants must not disclose, store and/or copy any data (related either to the card or the cardholder), which was acquired in relation to the use of the credit card, unless written consent from the cardholder exists. In addition, merchants must not share, sell, buy or exchange card information with any party except for the entity who is party to the membership agreement.

Article 39 states that those who intentionally breach obligations set out in Article 23 (issuers, merchants, officers who undertake an administrative role at the merchant and those who commit such a breach) will be subject to a prison sentence of one to three years as well as a monetary fine.

Electronic Communications Law

Under Article 4, the Information Technology and Communications Authority, the public body entitled to implement this law, must follow the principle of information security and the privacy of communications, while regulating the electronic communications sector. On the other hand, service providers must also respect information security and privacy while providing electronic communication services.

Article 6 sets out that the Information Technology and Communication Authority must make the necessary arrangements and supervise in relation to the processing of personal data, and the protection of the privacy of subscribers, users, consumers and end users.

Article 51 sets out rules on the privacy of personal data in the electronic communications sector, including the following:

  • Electronic communications and traffic data is deemed private and the recording, retention, interception or tracking of electronic communications is prohibited without a legal basis or without the explicit consent of the data subjects who are parties to the communication.

  • Personal data can only be processed if it is expressly permitted by law and in line with the principles of good faith.

  • Retaining and accessing data in users' terminal equipment for purposes other than those related to the provision of electronic communications services, is permitted only on obtaining the users' informed and express consent.

  • Traffic data can be processed only by the persons who are authorised by operators with the aim of traffic management, fraud determination, interconnection, invoicing or similar situations, as well as dispute resolution specifically related to customer complaints and interception and invoicing issues.

  • Electronic communications operators must take administrative and technical measures to ensure the security of their users' personal data.

  • Electronic communications operators are responsible for ensuring personal data privacy, security and use in line with the intended purpose.

 
2. Who can commence proceedings to protect privacy?

Natural persons who are affected by the violation of their fundamental human rights, along with the relevant legislation which aims to protect privacy, can commence proceedings to protect their privacy and rights. Legal entities are not protected under the fundamental personal rights provisions of the Turkish Constitution.

 
3. What privacy rights are granted and imposed?

Privacy rights granted in Turkey include:

  • The right to respect private and family life.

  • Immunity of residence.

  • Electronic communications.

  • Personal data.

 
4. What is the jurisdictional scope of the privacy law rules?

Turkish privacy legislation is applicable within Turkey and is enforceable by Turkish courts. Therefore, the jurisdictional scope of the overall privacy laws exclusively covers Turkish territories.

 
5. What remedies are available to redress the infringement of those privacy rights?

Individuals may apply to the Constitutional Court in relation to any infringements of their fundamental rights. Apart from this, civil and criminal courts can also be applied to for violations of the privacy provisions under the Criminal Code and Civil Code. For unlawful processing of the personal data, the Data Protection Authority will be the main institution responsible for evaluating complaints about a breach of the Data Protection Law.

After exhausting of all the domestic remedies, individuals may apply to European Court of Human Rights.

 
6. Are there any other ways in which privacy rights can be enforced?

Other than taking legal actions in either civil and criminal courts or the Constitutional Court, the Data Protection Law provides that any individual is able to apply to the data controller who processed his or her data, in order to ask for an end to the unlawful data processing.

 

Contributor profiles

Fevzi Toksoy, Managing Partner

ACTECON

T +90 212 211 50 11
F +90 212 211 32 22
E fevzi.toksoy@actecon.com
W www.actecon.com

Professional qualifications. Competition and Trade Consultant

Areas of practice. EU and Turkish competition laws; anti-trust; international trade remedies; regulation; government affairs; complex merger filings/structuring of transactions; competition compliance programmes.

Non-professional qualifications. BSc, Bilkent University, 1994; LLM, EU Law at Marmara University Jean Monnet Institute, 1996; MA, EU Law at Universite Libre de Bruxelles (ULB), 1997; PhD, EU Law at Marmara University Jean Monnet Institute, 2007

Languages. Turkish, English, French

Professional associations/memberships.

  • ICN, Non-Governmental Advisor, International Competition Network Unilateral Conduct Working Group Member.
  • Bilgi University, Advisory Committee Member of Competition Law and Policies Application and Research Center.
  • Bilgi University, Advisory Committee Member of Ethics Research Center.
  • TEİD, Ethics and Reputation Society, Member of the Board.
  • American Bar Association (ABA), Associate Member.
  • Lecture on EU and Turkish competition law at the Marmara University EU Institute and lectures occasionally on mergers and acquisitions, international trade remedies and competition law aspects of EU and Turkish environmental law.

Publications.

  • Regulatory Authority and Superiority of Law ( Düzenleyici Kurumlar ve Hukukun Üstünlüğü) , Freedom Research Association ( Özgürlük Araştırmaları Derneği) , 2016.
  • Recent Problems in the Implementation of Competition Rules in Turkey, Practical Law, Thomson Reuters, 2015.
  • International Trade and Commercial Transactions in Turkey, Thomson Reuters, 2015 edition.
  • Trade & Customs: Turkey – Getting the Deal Through, 2015 edition.

Bahadır Balkı, Partner

ACTECON

T +90 212 211 50 11
F +90 212 211 32 22
E bahadir.balki@actecon.com
W www.actecon.com

Professional qualifications. Turkey, Attorney-at-Law

Areas of practice. EU and Turkish competition laws; anti-trust; international trade remedies; regulation; government affairs; complex merger filings/structuring of transactions; competition compliance programmes; competition litigation.

Non-professional qualifications. LLB, University of Bahcesehir, 2006; LLM, European Economic Law at Universitat des Saarlandes, Europa Institut, 2008

Languages. Turkish, English

Professional associations/memberships. ICN, Non-Governmental Advisor, International Competition Network Unilateral Conduct Working Group Member; Istanbul Bar Association; American Bar Association (ABA), Associate Member.

Publications.

  • Private Antitrust Litigation: Turkey, Getting the Deal Through, 2015 edition.
  • Trade & Customs: Turkey, Getting the Deal Through, 2015 edition.
  • Recidivism in Turkish Competition Law, Turkish Competition Authority, 2014.

Firdevs Sera Erzene Yıldız, Senior Consultant

ACTECON

T +90 212 211 50 11
F +90 212 211 32 22
E sera.yildiz@actecon.com
W www.actecon.com

Professional qualifications. Turkey, Attorney-at-Law

Areas of practice. EU and Turkish competition laws; anti-trust; international trade remedies; regulation; government affairs; merger filings; competition compliance programmes; competition litigation.

Non-professional qualifications. Law, Istanbul Bilgi University, 2008; LLM, in Competition Law, Queen Mary, University of London, 2012

Languages. Turkish, English, French

Professional associations/memberships. Istanbul Bar Association; American Bar Association (ABA), Associate Member.

Publications.

  • Private Antitrust Litigation: Turkey, Getting the Deal Through, 2015 edition.
  • Buyer Power in the Context of Private Label in the EU: Accompanied with a Special Reference to the UK's Approach, Global Antitrust Review 2012.

{ "siteName" : "PLC", "objType" : "PLC_Doc_C", "objID" : "1248042246352", "objName" : "Privacy in Turkey overview", "userID" : "2", "objUrl" : "http://us.practicallaw.com/cs/Satellite/us/resource/0-580-6007?null", "pageType" : "Resource", "academicUserID" : "", "contentAccessed" : "true", "analyticsPermCookie" : "2-605a14e:15b15f9ebbb:1bb1", "analyticsSessionCookie" : "2-605a14e:15b15f9ebbb:1bb2", "statisticSensorPath" : "http://analytics.practicallaw.com/sensor/statistic" }