ARTICLE
14 July 2026

Quick Read: Technology Law Updates In Türkiye – June 2026

KST LAW

Contributor

KST LAW is an independent Istanbul based full service corporate law firm in cooperation with Kinstellar.

We provide legal services relevant to all aspects of business in a wide variety of sectors. We operate to the highest international standards in managing cross border transactions or investments and providing practical and creative solutions to legal or regulatory issues.

KST LAW is proud to have an exceptional client base consisting some of the largest Turkish conglomerates, sector leaders in Turkey, multi-nationals, investment or private equity funds and financial institutions.

June 2026 brought significant developments in Turkish technology regulation, with the Turkish Data Protection Authority issuing strict guidance on workplace biometric systems and CCTV monitoring. How will these new restrictions on employee surveillance reshape corporate compliance practices, and what do the Constitutional Court's rulings on e-commerce liability mean for digital platforms operating in Türkiye?
Turkey Privacy
KST LAW are most popular:
  • within Government, Public Sector and Strategy topic(s)
  • in Turkey

July 2026 – June was another active month for technology regulation in Türkiye, with a particular focus on workplace privacy. The Turkish DPA published important guidance on employee CCTV monitoring and biometric attendance systems, signalling increased scrutiny of employers' monitoring practices.

At the same time, significant Constitutional Court judgements clarified the legal framework for publicly disclosed personal data and e-commerce platform liability, while the government unveiled its 2026–2030 AI Vision and Action Plan and introduced new identity verification and subscription rules for the electronic communications sector.

In this edition of Quick Read, we highlight the most notable recent developments in data protection, AI, and digital regulation in Türkiye.


Developments in Data Protection

1. Turkish DPA Reinforces Restrictions on Biometric Attendance Systems

On 2 June 2026, the Turkish DPA published a Principle Decision reaffirming its strict approach to the use of biometric technologies—such as fingerprint, facial recognition, and iris scanning—for employee attendance and work-time monitoring.

The DPA concluded that biometric attendance systems are likely to be disproportionate where less intrusive alternatives are available, even where employees have provided explicit consent, noting that such consent will generally not be regarded as freely given due to the imbalance of power in the employment relationship. Employers should therefore consider alternatives such as access cards, PIN codes, RFID/NFC cards, or manual attendance records.


2. Turkish DPA Clarifies Rules on Workplace CCTV Monitoring

On 8 June 2026, the Turkish DPA published guidance clarifying the conditions for the use of CCTV systems in the workplace. The DPA reiterated that employers may use CCTV only where there is a valid legal basis and the monitoring complies with the general principles under the Turkish DP Law.

The guidance emphasises that employers should:

  • ensure CCTV monitoring is necessary, proportionate, and limited to clearly defined purposes, and not use it for employee performance or disciplinary monitoring;
  • limit camera coverage to appropriate common or high-risk areas and avoid private spaces, with audio recording used only in exceptional circumstances;
  • provide clear privacy notices and appropriate signage; and
  • implement appropriate retention, access, and security measures, supported by internal policies governing the use of CCTV footage.


3. Data Breach Notification

The DPA’s data breach notifications published for June 2026 may be accessed from this link.

Developments in Artificial Intelligence

2026–2030 AI Vision and Action Plan Published

On 13 June 2026, during the Türkiye Artificial Intelligence Summit, the government’s Artificial Intelligence Vision and Action Plan for 2026–2030 was announced, setting out a roadmap to accelerate AI adoption, expand national AI infrastructure, support domestic AI technologies, and establish a human-centred AI governance framework. Among its headline targets are providing AI literacy training to five million people within two years, establishing a National Data Library, and increasing data centre capacity to at least 1 GW by 2030.


Developments in Digital Regulation

1. Constitutional Court Reshapes E-Commerce Platform Liability

In its decision dated 12 February 2026, the Constitutional Court annulled provisions broadly exempting e-commerce intermediary service providers from liability for defective goods and unlawful content in consumer transactions. The Court held that a uniform exemption failed to reflect the different roles platforms may play in online sales and could leave consumers without an effective remedy, particularly where the seller cannot be reached or is unable to compensate them.

The decision does not establish a new liability regime. The legislature must introduce a framework reflecting each platform’s actual involvement in the transaction. The annulled provisions will cease to have effect on 2 March 2027.


2. New Identity Verification and Subscription Rules for Electronic Communications Providers

Two amending regulations entered into force on 25 June 2026, introducing new identity verification and subscription requirements for electronic communications providers. The amendments expand permitted verification methods to include e-Government, electronic identity documents, and video verification, while introducing alternative procedures for certain foreign applicants.

They also revise subscription documentation requirements, introduce limits on the number of lines, and require operators to periodically verify subscriber information. Services may be restricted or deactivated where verification cannot be completed.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More