Data Protection Law in Turkey

Data Protection Law in Turkey

Turkey is preparing to adopt a international convention for the protection of personal data.
The Turkish Parliament ratified the Council of Europe’s “Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data”
A draft law on the Protection of the Personal Data currently being debated by parliament’s Justice Commission will support the convention which is expected to make a contribution to operational cooperation between Turkish institutions and the “Eurojustice” network of European prosecutors-general.

The Constitution of the Republic of Turkey article 20

  1. Everyone has the right to demand respect for his private and family life.
  2. Privacy of individual and family life may not be violated.
  3. Exceptions necessitated by judiciary investigation and prosecution are reserved.
  4. Unless there exists a decision duly passed by a judge in cases explicitly defined by law, and unless there exists an order of an agency authorized by law in cases where delay is
    deemed prejudicial, neither the person himself nor any private papers, nor any belongings of an individual may be searched, nor may they be seized.

Turkish Civil Code (Law No: 4721): Articles 23 and 24

Protection of personality

Against waiver and extreme restrictions

  1. No person may waive his/her rights and capacity to act freely even if it is in the least degree.
  2. Neither a person may waive his/her freedom nor any one may impose restrictions on a person
    contrary to the laws and ethics.
  3. The, extraction, vaccination and transfer of biological substances of human origin is subject to the written consent of the concerned body. However, no claim may be raised against a person who undertakes to give biological substance persuading him to fulfil his/her obligations; also, no claim may be raised for compensation of physical and moral damages.

Against assault

Basic principle

  1. The person subject to assault on his/her personal rights may claim protection from the judge against the individuals who made the assault.
  2. Each assault against personal rights is considered contrary to the laws unless the assent of the person whose personal right is damaged is based on any one of the reasons related to private or public interest and use of authorisation conferred upon by the laws.

Turkish Criminal Code (Law No: 5237): Articles 134-140

Violation of Privacy

ARTICLE 134- (1) Any person who violates secrecy of private life, is punished with imprisonment from six months to two years, or imposed punitive fine. In case of violation of privacy by use of audio-visual recording devices, the minimum limit of punishment to be imposed may not be less than one year.
(2) Any person who discloses audio-visual recordings relating to private life of individuals are sentenced to imprisonment from one year to three years. In case of commission of this offense through press and broadcast, the punishment is increased by one half.

Recording of personal data

ARTICLE 135-(1) Any person who unlawfully records the personal data is punished with imprisonment from six
months to three years.
(2) Any person who records the political, philosophical or religious concepts of individuals, or personal
information relating to their racial origins, ethical tendencies, health conditions or connections with syndicates is
punished according to the provisions of the above subsection.

Unlawful delivery or acquisition of data

ARTICLE 136-(1) Any person who unlawfully delivers data to another person, or publishes or acquires the
same through illegal means is punished with imprisonment from one year to four years.

Qualified forms of offense

ARTICLE 137- (1) In case of commission of the offenses defined in above articles;
a) By a public officer or due influence based on public office,
b) By exploiting the advantages of a performed profession and art,
the punishment is increased by one half.

Destruction of Data

ARTICLE 138-(1) In case of failure to destroy the data within a defined system despite expiry of legally
prescribed period, the persons responsible from this failure is sentenced to imprisonment from six months to one


ARTICLE 139-(1) Excluding recording of personal data, unlawful delivery or acquisition of data and destruction
of data, commencement of investigation and prosecution for the offenses listed in this section is bound to

Imposition of security precautions on legal entities

ARTICLE 140-(1) Security precautions specific to legal entities are imposed in case of commission of offenses
defined in the above articles by legal entities.

Özgür Eralp

(Lawyer – Advocate – Attorney At Law – Legal Adviser – Counselor at law)

Yazar Hakkında