Turkish Personal Data Protection Board: Principle Decision on Posting Debt Information of Apartment/Site Residents in Common Areas

The Principle Decision dated 18 February 2026 and numbered 2026/348 (“Principle Decision”), adopted by the Turkish Personal Data Protection Board (“Board”), was published in the Official Gazette dated 31 March 2026 and numbered 33210. The Principle Decision addresses the posting of apartment/site residents’ debt information in common areas within the scope of apartment and site management processes.

The Principle Decision sets forth, in summary, the following determinations and evaluations:

• It is stated that, in practice, notices and lists regarding dues, advance payments, fixture expenses, and similar debts are posted in common areas such as notice boards, building entrances, and corridors, and that these lists may include personal data such as the relevant person’s name, surname, apartment number, debt amount, delay period, number of delayed payments, and ownership/tenancy information.
• It is emphasized that the processing of personal data in such practices must comply with the general principles set out under Article 4 of Law No. 6698, including being relevant, limited, and proportionate to the purpose for which the data are processed.
• It is stated that, even where an information obligation may arise from the applicable legislation, the chosen method of notification must not result in the unnecessary disclosure of personal data and access by unauthorized third parties must be prevented.
• In practice, such lists posted in common areas can be viewed not only by the individuals who owe debts, but also by other residents of the complex, visitors, delivery personnel, and other third parties.
• It is stated that even in the absence of names and surnames, debt information linked to apartment numbers can still render individuals identifiable and therefore constitutes personal data under Law No. 6698.
• It is concluded that posting such personal data in common areas does not rely on any of the processing conditions set out under Article 5 of Law No. 6698 and also constitutes a breach of the obligation to ensure data security under Article 12 of the Law.
• It is decided that such practices must be terminated immediately, that the relevant announcements/lists/documents must be removed from common areas without delay, and that an alternative method must be adopted for announcements and notifications to apartment owners that complies with Article 12 of the Law and is accessible only to relevant persons.
• It is also underlined that, pursuant to Article 18/1(b) of Law No. 6698, those who fail to fulfill their obligations regarding data security under Article 12 of the Law may be subject to an administrative fine.

You can access the full text of the Principle Decision here. 

Kind regards,

Zumbul Attorneys-At-Law

info@zumbul.av.tr