The Crime of Recording Personal Data

The crime of recording personal data constitutes a violation of the regulations concerning the protection of personal data in Turkish law. The protection of personal data in Türkiye is regulated by Law No. 6698, the "Law on the Protection of Personal Data." This law covers many issues such as the processing, recording, storage, sharing, and use of personal data. The definition of personal data in the law is "any information relating to an identified or identifiable natural person." Therefore, information such as a person's name, surname, date and place of birth, telephone number, social security number, or passport number constitutes examples of personal data.

When we examine judicial practice, personal data is classified as follows (Supreme Court 12th Criminal Chamber – Decision: 2012/12126).

• Identity Information: Examples include name, surname, Turkish Republic identity number, passport number, date of birth, gender, photographs, and signatures.
• Contact Information: For example, phone numbers, email addresses, physical addresses, and communication preferences.
• Financial Information: Bank account details, credit card numbers, income information, debts, and credit history.
• Health Information: Medical diagnoses, medications, illnesses, treatment records, and health insurance information.
• Location Information: GPS data, geolocation information, IP addresses, and similar information.
• Biometric Data: Fingerprints, retina scans, facial recognition data, and similar information.
• Social Media Data: For example, shared posts, likes, comments, and friend list.
• Genetic Data: Genetic test results, DNA analyses, and family history information.

According to the Turkish Penal Code, the protection of personal data is considered a constitutional guarantee and ensures the protection of individuals' private lives and personal information. This important right is addressed in detail in the section of the Turkish Penal Code titled "Crimes Against Private Life and the Confidentiality of Life," which regulates crimes such as the unlawful recording, sharing, or acquisition of personal data.

 

These regulations aim to protect the privacy and personal information of individuals. Unauthorized acquisition or unlawful sharing of personal data is subject to severe criminal penalties. These penalties are designed to send a deterrent message to those who harm personal data or gain unauthorized access to it.

 

In the Turkish Penal Code No. 5237

The Turkish Penal Code contains two important articles concerning the protection of personal data.

Firstly, the unlawful recording of personal data which regulates according to Article 135 of the Turkish Penal Code No. 5237, a person who unlawfully records personal data shall be sentenced to imprisonment for one to three years. According to the same article, if the personal data relates to individuals' political, philosophical, or religious views, race or origin, moral inclinations, sexual life, health status, or trade union affiliations, the penalty shall be increased by half.

 

 

Secondly, the unlawful disclosure, dissemination, or acquisition of personal data which regulates according to Article 136 of the Turkish Penal Code,, the person who commits this crime shall be punished with imprisonment ranging from two to four years. If the subject matter of the crime is statements or images recorded in accordance with the fifth and sixth paragraphs of Article 236 of the Criminal Procedure Code, the penalty shall be increased by one fold.” (Added: 17/10/2019-7188/17 art.)

These articles contain important provisions with serious sanctions regarding the protection of personal data.

 

Qualifying circumstances

Article 137 of the Turkish Penal Codestipulates that penalties for certain offenses shall be increased by half if committed under the following conditions:

1. a) By public officials and through the abuse of their official authority,
2. b) By taking advantage of a particular profession or art.

These aggravating circumstances are based on the manner in which the crime was committed and the specific characteristics of the perpetrators, and necessitate an increase in the penalty.

For the crime of recording personal data to occur, the act of recording must have been carried out unlawfully. According to Article 135 of the Turkish Penal Code, there must be no legal justification for recording personal data in order for the crime to be considered to have occurred. Reasons for legality are defined by a legal regulation or the explicit consent of the individual. Furthermore, reasons for legality can also be invoked if data processing is necessary for the establishment, exercise, or protection of a right.

in Article 135 of the Turkish Penal Code The crime of unlawfully recording personal data, regulated

1. The crime of violating the privacy of private life,
2. The crime of unlawfully obtaining, disseminating, or giving away personal data
3. The crime of listening to, recording, and disclosing conversations between individuals,
4. The crime of violating the confidentiality of communication,
5. Cybercrimes."

These crimes stand out in different ways, and each has its own specific criminal consequences and areas of application. Understanding the differences between these crimes is of great importance in terms of lawfulness and the protection of privacy. Therefore, it is necessary to clearly distinguish between the crime of unlawfully recording personal data and other crimes.

 

 

 

 

 

Penalty for the Crime of Recording Personal Data

According to Article 135 of the Turkish Penal Code, the penal provisions regarding the crime of unlawfully recording personal data are as follows:

The crime of unlawfully recording personal data is punishable by imprisonment for 1 to 3 years (Turkish Penal Code Article 135/1).

Similarly, if the personal data relates to individuals' political, philosophical or religious views, racial origins; moral inclinations, sexual lives, health status or trade union affiliations in violation of the law, the penalty to be imposed pursuant to the first paragraph shall be increased by half (Turkish Penal Code Article 135/2).

These provisions are implemented as a deterrent measure aimed at protecting the privacy and security of personal data.

 

Aggravating Circumstances of the Crime

The crimes of recording, seizing, and sharing personal data are regulated under Article 137 of the Turkish Penal Code, and the aggravated forms of these crimes are also specified. According to this article of the law;

1. If the crime of recording personal data is committed by a public official and through the abuse of the authority granted by their position, the penalties to be imposed according to the paragraphs above shall be increased by 1/2.

For example, a person working in the human resources department of a workplace illegally obtaining employee salary information and leaking this information to a third party.

1. If the offense is committed by taking advantage of the opportunities provided by a particular profession or art, the penalty shall be increased by half.

 

For example, a dietitian sharing personal information about a patient with others without their permission would be an example of this situation.

 

Statute of Limitations and Complaint Period for the Crime of Recording Personal Data

Although the crime of recording personal data constitutes an interference with private life, the victim is not required to file a complaint for this crime to be investigated; the competent prosecutor's office must investigate it independently. There is no specific time limit for filing a complaint regarding this crime.

However, the statute of limitations for the crime of unlawfully recording personal data is 8 years. The crime must be reported to the prosecutor's office within 8 years of the date it was committed. Otherwise, the statute of limitations will expire, and the investigation will become impossible.

 

 

 

 

The Crime of Recording Personal Data in Light of Supreme Court Decisions

The acquittal of the defendant on the charge of recording personal data and the conviction on the charge of violating the privacy of private life were appealed by both the defendant and the plaintiff's lawyer. Following a review of the case file, the necessary assessments were made:

“The file shows that the defendant maintained a friendship with the complainant for a period of time and lived together. It is alleged that photographs taken during this period, depicting their private life, were recorded without the complainant's consent. However, these photographs do not fall under the scope of personal data in a legal sense. Therefore, the elements of the crime do not constitute the crime of recording personal data; instead, it constitutes the crime of violating the privacy of private life, as defined in the second sentence of Article 134/1 of the Turkish Penal Code. Nevertheless, the defendant, in his defense, claimed that the photographs were taken with consent, and explained this situation by stating that the photographs taken with the complainant were not taken without the complainant's knowledge.”.

In conclusion, it was determined that there was insufficient, conclusive, and convincing evidence to substantiate the accusation that the defendant recorded the photographs without the complainant's consent. Therefore, the decision to acquit the defendant was deemed correct. (Supreme Court of Appeals, 12th Criminal Chamber – Decision: 2014/16650).

 

Student Intern Suat TAŞ