It has been stated that accessing the real estate information of the citizens by entering only the Turkish Republic ID number on the real estate tax payment/fast payment and debt inquiry pages submitted online by the municipalities in various notices conveyed to the Turkish Data Protection Authority ("Authority") causes a problem in terms of protection of personal data and it has been requested to be examined within the scope of Turkish Data Protection Law No. 6698 ("KVKK").

As it is known, Art. 16 of the Turkish Data Protection Law ("KVKK") numbered 6698 states that "Natural and legal persons who process personal data shall register with the Data Controllers Registry prior to the start of data processing" and with the provision "Data controllers are obliged to register Data Controllers’ Registry Information System ("VERBIS") within the period determined and announced by the Authority" provision is included.

In the event, which is the subject of the Turkish Constitutional Court with application No. 2018/11988 and decision dated 10.03.2022, the Applicant works as a civil servant within the Municipality of Söke ("Municipality"). Working hours in the Municipality are tracked by fingerprint system. Despite the Applicant's objections, the case has been brought to the court of first instance, as the fingerprints continued to be taken by the Municipality.

The court of first instance decided to annul the administrative act with the acceptance of the case. In the reasoning of the decision, it is stated that the controlling of employee's working hours by fingerprint scanning system should be evaluated within the scope of the processing of personal data within the scope of the right to respect of private life, by referring to the relevant legislation. The court of first instance also stated that there is no detailed legal regulation regarding the tracking of working hours of civil servants, and that having a legal basis for restriction of fundamental rights is a constitutional obligation and at the same time one of the basic principles in the European Convention on Human Rights.

The Regulation on the Protection and Processing of Data Within Social Security Institution ("SSI") ("Regulation")entered into force after being published in the Official Gazette dated 02.19.2022 and No. 31755. Within the scope of this Regulation, the procedures and principles to be followed in the processing of the personal data obtained by the SSI is determined.

What are the Highlights of the Regulation?