For further information,
please contact:
Legal Alerts

Turkish Data Protection Authority Issues Announcement on Processing Location Data During COVID-19 Outbreak

Legal Alerts
IT & Communications

Recent Development

On April 9, 2020, the Personal Data Protection Authority (“DPA“) issued an announcement on the processing of location data and mobility tracking during the COVID-19 outbreak. The DPA regarded location data as personal data and stated that the processing of location data by public institutions and organizations in the scope of public health measures complies with the Law on Personal Data Protection (“Law“). The DPA’s announcement is available online here (in Turkish).

What’s New?

The DPA stated that data subjects’ health, location and contact information are processed through mobile applications and other mediums with the purpose of detecting infected citizens; mapping the spread of COVID-19; quarantine measures; monitoring quarantined citizens; curfew implementation; and detection of crowded areas in order to prevent the spread of COVID-19.

According to Article 28 of the Law, provisions of the Law do not apply to the data processing activities in the scope of preventive, protective and intelligence acts of the competent public authorities and institutions to ensure public safety and public order. In cases of threats to public order and safety such as pandemics, the DPA assessed that public authorities and organizations’ data processing activities, such as ensuring the isolation of COVID-19 positive citizens; detection of crowded areas through location data; and developing adequate measures fall within the scope of the foregoing exception.

The DPA underlined the sensitive nature of the personal data collected, and expressed that the relevant public authorities and organizations must take the necessary technical and organizational measures to ensure data protection, and delete or destroy the data they collected when the processing purposes no longer exist.

Turkey continues to take active steps to combat the COVID-19 pandemic. All data controllers must carry out their data processing activities during the COVID-19 outbreak in accordance with the Law and the guidance of the DPA, and closely follow the DPA’s announcements and explanations in this regard.

Please stay up to date with further developments through the Esin Attorney Partnership Coronavirus Helpdesk.