Duyurular

Turkish Constitutional Court Decision Regarding the Violation of the Right to Protection of Personal Data of the Employee Whose Bank Account Data was Inspected by His Employer without His Consent and Authorization

Data Protection Law

In the individual application decision of the Presidency of the Turkish Constitutional Court ("Constitutional Court") dated 13/2/2024 with application number 2020/36976 ("Decision"), the right of the applicant employee, whose labor contract was cancelled, to request the protection of personal data within the scope of the right to privacy under Article 20 of the Turkish Constitution (“Constitution”), was reviewed.

The decision was published in the Turkish Official Gazette dated March 22, 2024 and numbered 32497, and in summary;

  • The employee was accused by his employer, who ended his employment contract in order not to pay the employee's labor receivables, of obtaining unjust gains, and for this reason, the employer examined his bank and credit card account movements and searched the persons to whom he transferred money,
  • The applicant started an investigation against his employer with these allegations,
  • The Chief Public Prosecutor's Office decided nonsuit on the grounds that the mere disclosure of personal data to others through sensory organs does not constitute the crime of unlawful acquisition of personal data, but if there are conditions, the crime of violating the privacy can be evaluated,
  • Despite the applicant's request to the investigation file to send a warrant to the banks and to listen to his witness, the Chief Public Prosecutor's Office stated that there was no evidence other than the abstract statement that the imputed offense had been committed,
  • Thereupon, the objection made to the Criminal Judge of Peace was rejected without further examination, since there was no mistake in the decision,
  • According to the Constitutional Court, the application should be examined within the scope of the right to request the protection of personal data, as the complaint relates to the failure to conduct an effective criminal investigation on the complaint that his personal data was unlawfully obtained

Within this framework, the constitutional court has ruled as follows;

  • Personal data does not only include identifying information such as the individual's name, surname, date of birth and place of birth, but also data such as e-mail address, shopping habits, hobbies, preferences, and people with whom the individual interacts,
  • The State is obliged not to arbitrarily interfere with the individual's right to protection of personal data and to prevent attacks by third parties,
  • In the concrete case, Chief Public Prosecutor's Office decided nonsuit on the grounds that the formal elements of the crime did not occur, and that the evidence put forward by the applicant was not discussed in the content of the decision,
  • The positive procedural obligation was not fulfilled, as the criminal proceedings authorities did not provide the applicant with an effective legal procedure through which he could present his claims and evidence.

For these reasons, Constitutional Court has decided that the applicant's claims were ADMISSIBLE and that the right to request the protection of personal data within the scope of the right to respect for private life provided under Article 20 of the Constitution was VIOLATED.

You can access the full text of the decision (in Turkish) published in the Turkish Official Gazette here.

 

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr