Within the scope of election activities; political parties defined within the framework of the Law No. 2820 (In Turkish) on Political Parties should be considered as "Data Controller" in accordance with the KVKK.

With the information note published, political parties; it has been reported that data processing activities are carried out in the establishment notices and documents of political parties, in the political party register, in the stage of holding elections, in the notification of those working in the organs to the public authorities, in the identification of the nomination and party voter list, in the storage of the pre-election documents.

Conditions for the processing of personal data are regulated various fields in Turkish Law. First of these, article 20 of the Constitution of the Republic of Türkiye, titled "Privacy of Private Life" states that "Personal data can only be processed in cases stipulated by the law or with the explicit consent of the person." statement is included.

In addition to the Constitution, in article 5 of the Turkish Personal Data Protection Law ("KVKK") No. 6698, titled "Conditions for Processing ofSpecial categories of personal data" and in article 6 titled "Conditions for the Processing of Sensitive Data". However, while auditing the compliance of the data processing activity with the law, article 4 of the KVKK titled "General Principles" should also be taken into account.

With the application number 2018/6161 and dated June 28, 2022 Constitutional Court Decision has been published in the Official Gazette No. 32049 on December 20, 2022, it has been concluded that the right to effective remedy, which is a positive obligation that must be carried out and assumed by the public authorities, has been violated.

The applicant had applied to the relevant telecommunication company for internet data, log records, IMEI information, hot spot date information and IP numbers received jointly with other subscribers belonging to his telephone line and containing a certain date range to be given to himself, and the request was not accepted by the relevant company. In the suit filed thereon, the local court decided to dismiss the case from the procedure, no positive results have been obtained from the legal remedy applied.

With the application number 2018/16857 and dated 29.09.2022 Constitutional Court Decision has been published in the Official Gazette No. 32030 on 01.12.2022, it has been concluded that the obligation to protect of personal data is a positive obligation that should be undertaken by public authorities hasn’t been fulfilled.

The Constitutional Court examined the claim that the right to request the protection of personal data was violated since the investigation made on the complaint regarding the illegal recording of a non-public speech was not conducted in accordance with the positive obligations of the state.