ARTICLE
12 March 2026

Turkish Personal Data Protection Authority Issues Warning On The Use Of Foreign-Based Messaging Applications By Public Institutions

MA
Moroglu Arseven

Contributor

Moroglu Arseven logo
“Moroglu Arseven is a full-service law firm, with broadly demonstrated expertise and experience in all aspects of business law. Established in 2000, the firm combines a new generation of experienced international business lawyers, who hold academic, judicial and practical experience in all aspects of private law.”
Explore Firm Details
The Personal Data Protection Authority (the "Authority") published its public announcement dated 29 January 2026, titled "Public Announcement on the Use of Foreign-Based...
Turkey Privacy
Ayşegül Dağhan and Cansu Özgüven
Your Author LinkedIn Connections
Ayşegül Dağhan’s articles from Moroglu Arseven are most popular:
  • within Privacy topic(s)
  • in India
Moroglu Arseven are most popular:
  • within International Law and Compliance topic(s)

The Personal Data Protection Authority (the "Authority") published its public announcement dated 29 January 2026, titled "Public Announcement on the Use of Foreign-Based Messaging Applications by Public Institutions" ("Announcement"). The Announcement draws attention to complaints and reports received by the Authority indicating that public officials employed by various public institutions have been compelled to use foreign-based messaging applications such as WhatsApp while carrying out administrative duties, and that instructions, directives, and official documents have been communicated and shared through such applications.

The Authority has emphasized that, in the provision of public services, ensuring data security under the Personal Data Protection Law No. 6698 ("DP Law") constitutes a core legal obligation alongside operational efficiency and speed. Referring to Presidential Circular No. 2019/12, the Authority reiterated that confidential or critical information should not be shared through mobile communication applications other than those expressly authorized by legislation and recognized as domestic and secure. It was further highlighted that the absence of data centres in Türkiye for foreign-origin messaging applications represents a material data security risk.

The Announcement clarifies that the transmission of information or documents containing personal data through messaging platforms such as WhatsApp by public institutions qualifies as personal data processing. Where such processing fails to comply with the applicable legal framework, it may be subject to regulatory scrutiny, potentially resulting in administrative review and disciplinary consequences for the responsible public officials.

In this context, the Authority has urged public institutions to conduct all personal data processing activities, including the management of personnel contact information such as mobile phone numbers, in strict accordance with the DP Law requirements. It further emphasized the need to avoid mandating the use of foreign-origin messaging applications and to refrain from transmitting personal data through such platforms.

The full text of the Announcement can be reached through this link. (Only Available in Turkish)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Ayşegül Dağhan
Ayşegül Dağhan
Photo of Cansu Özgüven
Cansu Özgüven
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More