The Code Of Protection Of Personal Data And The Crime Of Not Destroying Personal Data In The Scope Of The Turkish Criminal Law


Knowledge and sharing of knowledge move towards becoming the most important activity of every modern individual in order to be a part of the current life in which knowledge becomes power and commodity. With the development of technological facilities, all activities of social, professional and official platforms started to take shape in accordance with the principles of getting, processing, saving and sharing of information in line with this dizzying speed. Every day, government agencies and private organizations collect, store, process and transport a significant amount of data about individuals.

All this leads to many dangerous situations, such as losing control of individuals’ information and using them against them. As such, a very important right to be protected for the people of our age has become clear in the legal scene: the right to the protection of personal data. Due to hereby right is generally accepted as a sub-element of private life in both practice and doctrine it constitutes a prerequisite for the realization of many fundamental rights and freedoms, especially the privacy of private life.

Legal Regulations

The regulations on the protection of personal data have been in the legislation of many European states for nearly fifty years. The presence of a special law on the protection of personal data in Turkey, first of all, that it is a necessity due to the basic reason that human right, the Judicial Commission are specified in the Draft Report of the Code on Protection of Personal Data. After the referendum made in 2010, via the Law No. 5982, a clause ‘’Everyone has the right to request the protection of his/her personal data. This right includes being informed of, having access to and requesting the correction and deletion of his/her personal data, and to be informed whether these are used in consistency with envisaged objectives. Personal data can be processed only in cases envisaged by law or by the person’s explicit consent. The principles and procedures regarding the protection of personal data shall be laid down in law.‘’ has been added to the article 20 of the Constitution that regulates the privacy of the private life and an important step has been taken regarding the human rights. The protection of personal data is clearly guaranteed by the constitution. Law No. 6698 on the Protection of Personal Data was finally enacted on 24 March 2016 in the Turkish Grand National Assembly. Although the Code is new, there were scattered arrangements is based on the Article 20 of the Constitution and shaped by article no. 135 etc. that is regulated in titled ‘’Crimes Against Private Life and the Private Area of ​​Life’’ of the Turkish Criminal Code (TCC).In addition, the regulations of some of the organization’s structural laws contain regulations on this subject. However, although the basic laws and special laws such as TCC and Code of Criminal Procedure (CCP) have principles for the protection of personal data, they provide limited protection and are insufficient to provide a holistic protection. Furthermore, thanks to the majority of these arrangements were feasible after the occurrence of a loss, it was a necessity to have a preventive arrangement that could protect the rights and freedoms of individuals in this area without causing any damage. Therefore, the Law on the Protection of Personal Data has filled a very important gap in our local law to ensure uniformity with universal law and to keep up with the current doctrine of human rights.

Definition of Data Officer and Duties by Law

According to the definition made in the Act, the data responsible person is the natural or legal person who is responsible for setting up and managing the data recording system, which determines the purposes and means of processing the personal data. Data processing person refers to the natural or legal person who process personal data on his behalf on the basis of the authority granted by the data officer. The data responsible is to comply with the general principles and procedures of the law, to fulfill the obligation of illumination in the framework specified in the law during the acquisition of personal data, not to disclose personal data illegally and not to use other than for the purpose of processing of the data; at the request of the person concerned, delete, destroy or anonymize, access, processing and preservation of all kinds of technical and administrative measures.

The Offense of Destruction of Personal Data

The crime of not destroying personal data is regulated in accordance with Article 138 of the TCC between crimes against private life and the hidden area of life. Although the deadlines set by the laws have passed, those who are charged with destroying personal data do not perform their duties deliberately. In case of to be destroyed of required reasons that processed of personal data, It is mandatory for the data responsible to erase, destroy or anonymize upon request of the related person or ex officio.

It needs to be understood from ‘’the concept of personal data’’ the information that the person does not submit to the information of the unauthorized third parties, which he / she shares with other people when he / she so wishes, but shares it with a limited environment (such as Turkish ID number, name, surname, place of birth and date, such as mother and father name), criminal record, place of residence, educational status. , occupation, bank account information, telephone number, e-mail address, blood type, marital status, fingerprint, DNA, hair, saliva, nail biological samples, sexual and moral disposition, health information, ethnicity, political, philosophical and any knowledge of the real person, which distinguishes one person from the other individuals in the society and makes it qualifiable, which makes the identity of the person as identifiable or identifiable, such as his religious view and union links. The distinguishing point here is that the data are obtained in accordance with the law. The institutions and organizations that have obtained the personal data in accordance with the law must destroy the reasons for the processing of the relevant data within the time specified in the special laws. Also ‘’wishing destroying or erasing of the personal data’’ is included on Article 11 of the Code on the Protection of Personal Data, within the rights of related person, in framework of the provisions of the seventh article. After eliminating the reason for ensuring the lawfulness of processing and recording data related to itself, each individual shall request as applying to the data responsible the deletion, destruction or anonymization of the relevant data.

Personal data should only be kept for the period which is stipulated in the applicable legislation or is required for the purpose which they were processed. Accordingly, the data responsible shall comply with this period if there is a period stipulated for the storage of the data in the relevant legislation; otherwise, the data can only be retained for the time required for the purpose which they were processed. In case of the absence of a valid reason for further storage of a data, it will be deleted or anonymized. Data cannot be stored based on the possibility of using it in the future. On the Regulation on the Deletion, Destruction or Anonymization of personal data, the period for deleting, destroying and destroying the personal data is regulated. Each data officer is obliged to prepare a personal data retention and destruction policy as to this regulation and to carry out this policy by complying with the principles in this regulation. In the article 7 of the hereby Code, it is stated that the provisions contained in other laws regarding the deletion, destruction or anonymity of personal data are reserved. For example, in Article 9 of the Judicial Register Law, the Removal of Judicial Registry Information, in the event that the execution of the penalty or security measure is completed, the information in the judicial record shall be deleted and recorded in the archives, and in case of death of the person concerned, it shall be completely deleted. In the article of 135/2 of CCP is included the provision ‘’The communication between the suspect or the accused and the persons who can withdraw from the testimony cannot be recorded. If this happens after the recording takes place, the received records will be destroyed immediately.’’ Therefore, the destruction of the conversations between the people who can withdraw from the testimony will be the crime of not destroying the personal data.

The penalty for the non-destruction of personal data is a prison term that from one year to two years. If the subject of the crime is to be abolished or destroyed according to the provisions of the CPC, the penalty shall be increased one fold. (TCC 138) In case of non-destruction of personal data, it is not possible to reduce the penalty in accordance with the provisions of effective regret. However, it is possible to postpone the sentence or the announcement of the sentence and to convert the sentence into a judicial fine. The crime of not destroying personal data is not offences prosecuted on complaint and in case of the prosecutor learns it will be investigated by prosecutor. The time limit for this crime is eight years.

In the event that personal data is not destroyed while it is required to be destroyed, due to that it will occur being the unlawful recording of the data, the recording of such data shall be the crime of ‘’recording the personal data’’ issued in accordance with article 135 of TCC. Except express consent of the related person, in case of processing data which is not destroyed in any way ‘’violation of privacy’’ issued in article 134 of TCC will occur. Any form of dissemination or disclosure of the data held on the internet or through the individuals shall mean the committing crime of ‘’the offense of acquiring or seizing the data’’ set out in article 136 of TCC. In the Law of protection of personal data as an area that is sensitive to the protection of human rights and to the crimes that can be connected to many other crimes, for this reason, it would be very useful to use legal consultancy services and to execute claim and defenses with the attorney.