On 28 September 2021, the Turkish Data Protection Board (the “Board”) published a long-awaited announcement regarding its position on the processing of personal data related to Covid-19 PCR test results and vaccination status, based on its decision No. 2021/980 of the same date.
The Board’s announcement specifically refers to the following letters issued by the Turkish Ministry of Interior and the Turkish Ministry of Labour:
- • Letter of the Ministry of Interior dated 20 August 2021, under which it is mandatory for the persons who want to participate in activities gathering large crowds (such as concerts, cinema or theatre) or to use public transportation, to submit Covid-19 PCR test results or proof of vaccination.
- • Letter of the Ministry of Labour dated 2 September 2021 under which, within the scope of the preventive and protective measures to address health and security risks in the workplace, private sector employers may require employees who are not vaccinated against Covid-19 to have a PCR test performed once a week, and to record the test results in order to take the necessary actions.
The Board noted that pursuant to Article 28 of Turkish Law No. 6698 on the Protection of Personal Data (the “Law”), the provisions of the Law do not apply to data processing activities performed within the scope of preventive, protective and intelligence activities carried out by public institutions and organisations duly authorised and entrusted by law with ensuring national defence, national security, public security, public order or economic security.
The Board stated that while Covid-19 PCR test results and vaccination status constitute sensitive data that should normally be processed in the conditions set forth under Article 6 of the Law, the processing of such data within the scope of preventive and protective activities carried out by Turkish public institutions and organisations to prevent the spread of the disease can be assessed in light of Article 28, and is therefore not subject to the provisions of the Law.
Although the announcement focuses on public institutions and does not make any clear reference to the processing of personal data by private entities, the Board seems to be taking the position that data processing activities conducted by private entities to implement the measures set forth in the letters of the Ministry of Interior and the Ministry of Labour, to the extent they are performed as part of the fight against the pandemic within the limits defined by these ministries, would fall outside the scope of the Law altogether. Further formal clarification through the Board’s future decisions will likely be needed to confirm this interpretation.
Please do not hesitate to contact us for any further information on this briefing.
Share
Related persons
You can contact us for detailed information.
Legal Information
This briefing is for information purposes; it is not legal advice. If you have questions, please call us. All rights reserved.
You May Be Interested In
10 September 2024
Turkish Data Protection Authority and Turkish Ministry of Trade sign cooperation protocol on targeted advertising and dark patterns
The Turkish Personal Data Protection Authority and the Turkish Ministry of Trade General Directorate of Consumer Protection and Market…
16 August 2024
Turkish Competition Law Newsletter – 2024 Summer Issue
We are pleased to share our quarterly newsletter on recent developments under Turkish Competition Law.
16 August 2024
New Regulatory Framework Unfolded for Establishment of Crypto Platforms
Following the July 2, 2024, introduction of the crypto asset regulation law under the Capital Markets Law No. 6362, the Capital Markets…
7 August 2024
Key Changes in the Local Tax Legislation
Paksoy legal briefing: “Key Changes in the Local Tax Legislation”
24 July 2024
Amendments on the Communiqué on Principles Regarding Real Estate Investment Funds
The Communiqué Amending the Communiqué on Principles Regarding Real Estate Investment Funds (III- 52.3) (“Amendment Communiqué”) has been…
18 July 2024
Turkish Data Protection Authority issues new regulation on cross-border data transfers
Paksoy legal briefing: “Turkish Data Protection Authority issues new regulation on cross-border data transfers”