On 28 September 2021, the Turkish Data Protection Board (the “Board”) published a long-awaited announcement regarding its position on the processing of personal data related to Covid-19 PCR test results and vaccination status, based on its decision No. 2021/980 of the same date.
The Board’s announcement specifically refers to the following letters issued by the Turkish Ministry of Interior and the Turkish Ministry of Labour:
- • Letter of the Ministry of Interior dated 20 August 2021, under which it is mandatory for the persons who want to participate in activities gathering large crowds (such as concerts, cinema or theatre) or to use public transportation, to submit Covid-19 PCR test results or proof of vaccination.
- • Letter of the Ministry of Labour dated 2 September 2021 under which, within the scope of the preventive and protective measures to address health and security risks in the workplace, private sector employers may require employees who are not vaccinated against Covid-19 to have a PCR test performed once a week, and to record the test results in order to take the necessary actions.
The Board noted that pursuant to Article 28 of Turkish Law No. 6698 on the Protection of Personal Data (the “Law”), the provisions of the Law do not apply to data processing activities performed within the scope of preventive, protective and intelligence activities carried out by public institutions and organisations duly authorised and entrusted by law with ensuring national defence, national security, public security, public order or economic security.
The Board stated that while Covid-19 PCR test results and vaccination status constitute sensitive data that should normally be processed in the conditions set forth under Article 6 of the Law, the processing of such data within the scope of preventive and protective activities carried out by Turkish public institutions and organisations to prevent the spread of the disease can be assessed in light of Article 28, and is therefore not subject to the provisions of the Law.
Although the announcement focuses on public institutions and does not make any clear reference to the processing of personal data by private entities, the Board seems to be taking the position that data processing activities conducted by private entities to implement the measures set forth in the letters of the Ministry of Interior and the Ministry of Labour, to the extent they are performed as part of the fight against the pandemic within the limits defined by these ministries, would fall outside the scope of the Law altogether. Further formal clarification through the Board’s future decisions will likely be needed to confirm this interpretation.
Please do not hesitate to contact us for any further information on this briefing.
Share
Related persons
You can contact us for detailed information.
Legal Information
This briefing is for information purposes; it is not legal advice. If you have questions, please call us. All rights reserved.
You May Be Interested In
20 December 2024
Amendments to Turkish Sustainability Reporting Standarts
The decision of the Public Oversight, Accounting, and Auditing Standards Authority (the “Decision”) on determining the scope of application…
12 December 2024
Recent Developments in Healthcare Legislation – 2024 Fall Issue
On 28 May 2024, Turkish Medicines and Medical Devices Agency (“Agency”) has shared the Draft Regulation on the Promotional Activities of…
29 November 2024
Turkish Competition Law Newsletter – 2024 Autumn Issue
The first decision involved Trugo Akıllı Şarj Çözümleri Sanayi ve Ticaret A.Ş. (“Trugo”), a subsidiary of Türkiye’nin Otomobili Girişim…
15 November 2024
WPP YEKA Tender 2024
The Republic of Türkiye’s Ministry of Energy and Natural Resources (“Ministry”) announced the Tender for the Allocation of Renewable…
25 October 2024
Regulation on the Withdrawal of Human Medicinal Products and Foods for Special Medical Purposes
The Regulation introduces provisions regulating withdrawal processes in a specific and detailed way and aligning such processes with modern…