Turkish Data Protection Board issues announcement on the processing of Covid-19 PCR test results and vaccination status

On 28 September 2021, the Turkish Data Protection Board published a long-awaited announcement regarding its position on the processing of personal data related to Covid-19 PCR test results and vaccination status, based on its decision No. 2021/980 of the same date.

4 October 2021| Publications|3 Minutes

On 28 September 2021, the Turkish Data Protection Board (the “Board”) published a long-awaited announcement regarding its position on the processing of personal data related to Covid-19 PCR test results and vaccination status, based on its decision No. 2021/980 of the same date.

The Board’s announcement specifically refers to the following letters issued by the Turkish Ministry of Interior and the Turkish Ministry of Labour:

  • • Letter of the Ministry of Interior dated 20 August 2021, under which it is mandatory for the persons who want to participate in activities gathering large crowds (such as concerts, cinema or theatre) or to use public transportation, to submit Covid-19 PCR test results or proof of vaccination.
  • • Letter of the Ministry of Labour dated 2 September 2021 under which, within the scope of the preventive and protective measures to address health and security risks in the workplace, private sector employers may require employees who are not vaccinated against Covid-19 to have a PCR test performed once a week, and to record the test results in order to take the necessary actions.

The Board noted that pursuant to Article 28 of Turkish Law No. 6698 on the Protection of Personal Data (the “Law”), the provisions of the Law do not apply to data processing activities performed within the scope of preventive, protective and intelligence activities carried out by public institutions and organisations duly authorised and entrusted by law with ensuring national defence, national security, public security, public order or economic security.

The Board stated that while Covid-19 PCR test results and vaccination status constitute sensitive data that should normally be processed in the conditions set forth under Article 6 of the Law, the processing of such data within the scope of preventive and protective activities carried out by Turkish public institutions and organisations to prevent the spread of the disease can be assessed in light of Article 28, and is therefore not subject to the provisions of the Law.

Although the announcement focuses on public institutions and does not make any clear reference to the processing of personal data by private entities, the Board seems to be taking the position that data processing activities conducted by private entities to implement the measures set forth in the letters of the Ministry of Interior and the Ministry of Labour, to the extent they are performed as part of the fight against the pandemic within the limits defined by these ministries, would fall outside the scope of the Law altogether. Further formal clarification through the Board’s future decisions will likely be needed to confirm this interpretation.

Please do not hesitate to contact us for any further information on this briefing.

Share

Related area

Data Privacy, Data Protection and Cybersecurity
Healthcare and Pharmaceuticals

Related persons

You can contact us for detailed information.

Stéphanie Beghe Sönmez

Partner

sbeghe@paksoy.av.tr

Mert Karakaşlar

Senior Associate

mkarakaslar@paksoy.av.tr

Download Content as PDF
Legal Information

This briefing is for information purposes; it is not legal advice. If you have questions, please call us. All rights reserved.

You May Be Interested In

Privacy Preference Center

Cookie Preferences

We use cookies to improve your user experience on our website while respecting your privacy. Not allowing certain cookies may affect your experience. By continuing to visit this website, you agree to our use of cookies marked as “active” below and accept our Cookie Policy (accessible through our Terms and Conditions) without any restriction or objection.

Mandatory cookies

Always active
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to your actions that imply a request for service, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or warn you about these cookies, but in this case some parts of the site will not work. These cookies do not store any personally identifiable information. You can access cookie details here.

Analytical cookies

Analytical cookies are used to understand how visitors interact with the website. These cookies help to provide information about metrics such as number of visitors, bounce rate, traffic source, etc. These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and to see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we cannot know when you visit our site and we cannot monitor the performance of our site. You can access cookie details here.

Youtube

We use YouTube infrastructure to display podcast and video content. You can access cookie details here.

Spotify

We use Spotify infrastructure to display podcast content. You can access cookie details here.