The fight against the Covid 19 epidemic, which emerged in the People’s Republic of China and then had its effect all over the world, has now begun to be an effective fight against the epidemic with the help of technological facilities that have exceeded the traditional medical struggle in the field of health. As part of this fight, the Personal Data Protection Authority (KVKK) shared a public announcement on 09.04.2020.

The announcement is about the technological possibilities used in the fight against the epidemic. These technological possibilities appear as activities such as identifying the environments that people with disease or those at risk of disease come into contact with through mobile applications, thereby mapping the spread of the virus and applying quarantine or detecting crowded places that do not comply with social isolation. During the aforementioned activities, the personal data of many concerned people are collected and their personal data are processed in this way.

Special quality personal data such as health data can be processed by persons or authorized institutions and organizations who are under the obligation to keep confidential according to the paragraph 3 of Article 6 of the Personal Data Protection Law No.6698, without seeking the express consent of the person concerned. However, within the scope of the measures taken through technological possibilities in the statement of the institution, the collected location data is mentioned and the location data is determined in the “Regulation on the Processing of Personal Data in the Electronic Communications Sector and the Protection of Privacy”, which determines the geographical location of a device belonging to the public electronic communication service user and in the electronic communication network or electronic communication. and underlined that location data is personal data according to the law numbered 6698.

In this context, the Authority, against the Covid-19 epidemic that threatens public order and security, aims to collect location data in order to prevent the spread of the disease. “Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations authorized by law to ensure national defense, national security, public security, public order or economic security.” has included the activity of collecting location data as “activities to ensure the isolation of people who are diagnosed with diseases during the period of contagiousness, to identify crowded areas by processing the location data of the general population and to develop importance in this context” and included all data processing activities within this scope within the scope of exceptions. . In other words, with this announcement, the institution removed the obstacles to the processing of this data by public institutions and organizations that fight against the Covid-19 epidemic and process location data within the scope of this fight.

In addition, the institution has also taken into account the seizure of various kinds of data processed by third parties in the fight against disease and underlined that the relevant institutions and organizations should ensure the security of the personal data they process and that they should take the necessary technical and administrative measures for data security, as well as processing the aforementioned data. reminded that the personal data in question should be deleted or destroyed once the circumstances that caused them to disappear. We would like to emphasize that all data controllers should be very careful about the issues underlined by the KVKK and that the obligations determined for data controllers continue even during the epidemic process.


Ahmet Atakan GİDER