1. Has the government introduced any laws and/or issued guidelines around remote-working arrangements? If so, what categories of worker do the laws and/or guidelines apply to – do they extend to "gig" workers and other independent contractors?

Article 14 of the Turkish Labour Act (TLA) defines remote working as a contractual employment relationship in which employees carry out their duties from home or other locations outside the workplace, sometimes through digital platforms. Based on the TLA, the Ministry of Labour and Social Security recently prepared a Regulation on Remote Working (Regulation), which came into force on 10 March 2021.

The Regulation covers all employees who work remotely under article 14 of the TLA. In this regard, the said rules shall apply to all categories of employees defined under the TLA, including but not limited to fixed-term workers, temporary workers, part-time workers and full-time workers. On the other hand, independent contractors would not qualify as workers under the TLA, as they would not be working in a way that is dependent on a specific employer.

In addition, the Ministry of Labour and Social Security has published the "Guideline on Remote Working During covid-19" (the Guideline), to increase awareness and share with all employers and employees any information and advice about potential scenarios, problems and economic risks, especially under occupational health and safety. Since all information included in the Guideline qualifies as a recommendation, it may apply to anyone working remotely, even after covid-19.

  1. Outline the key data protection risks associated with remote working in your jurisdiction.

The key data protection risks associated with remote working are data security and the processing of additional personal data while working remotely.

Under article 12 of the Personal Data Protection Law numbered 6698 (the DPL), data controllers must take all administrative and technical measures necessary to prevent unlawful processing of personal data, to prevent unlawful access to personal data and to ensure the security of personal data.

The Regulation also stipulates that the employer must inform remote workers about workplace rules and applicable legislation concerning the protection and transfer of data related to the workplace and their assignments (which may include personal data). The Regulation also emphasises that employers must take all necessary measures for the security of data. Per the Regulation, in the remote-working agreement, the employer must determine the definition and scope of data that needs to be protected.

There is no guidance from the Turkish Data Protection Authority (DPA) concerning measures to be taken specifically for remote working. Its general Guideline for Personal Data Security (Data Security Guideline) and the principal decision of the Turkish Data Protection Board concerning measures required to be taken by data controllers for processing sensitive personal data (Board Resolution for Sensitive Personal Data Security) should be considered by employers. The measures listed in the Data Security Guideline and the Board Resolution for Sensitive Personal Data Security are not exhaustive. Employers must consider all necessary measures for cyber security. International guidelines and IT sector developments should also be considered.

Employers who have failed to take appropriate measures to protect the unlawful processing of or access to personal data may be required to pay an administrative fine amounting to between 40,179 Turkish lira and 2,678,8591 Turkish lira. Furthermore, additional technical measures taken for remote-working opportunities must also be communicated to the Data Controllers' Registry if the employer is required to register data-processing activities (eg, employers located in Turkey that have more than 50 employees or have a balance sheet of more than 25 million lira fall under this obligation). Otherwise, although it may not be an imminent risk, an administrative sanction amounting to between 53,572 lira and 2,678,859 lira may be applied against the employer.

Lastly, if having remote-working employees requires an employer to process additional employee data, then the employer must inform their employees accordingly by providing an appropriate privacy notice under the DPL. Otherwise, they may be fined between 13,391 lira and 267,886 lira. The employer should determine what legal ground should be applied to the data processing due to remote working. If the applicable legal ground is consent but consent is not obtained lawfully from employees, then the employer may face an administrative fine of between 40,179 lira and 2,678,859 lira for unlawful processing.

  1. What are the limits on employer monitoring of worker activity in the context of a remote-working arrangement and what other factors should employers bear in mind when monitoring worker activity remotely?

One way to monitor employee activity in the context of remote working could be to control employees' use of servers, e-mail accounts and internet while using the employer's equipment. In Turkey, it is generally accepted that employers are authorised to control employees' use of servers, e-mail accounts and internet from their equipment within the scope of their right to manage, and there are no particular rules or exceptions as to remote working.

However, even though employers are entitled to such control, monitoring should be proportional to the legitimate purposes of the employer, such as controlling productivity and quality, or providing security. Employers should inform their employees about monitoring on the equipment and servers as well as the reasons for it. Furthermore, employers must provide necessary information about the scope of their monitoring activities to employees under the DPL. Otherwise, there is a risk of an administrative fine.

Employers should also bear in mind that, during such monitoring, they must avoid violating privacy rights. The Constitutional Court recently held that if employees are informed that their e-mails are monitored, the secrecy of private life and freedom of communication must not be violated. The Constitutional Court also stated that the conflicting interests of the employer and employees should be balanced fairly and any intervention by monitoring e-mail accounts should be evaluated on the grounds of proportionality and the legitimate purposes of the employer.

From a data privacy perspective, employers firstly should determine what personal data needs to be processed to if employers have a legitimate interest to monitor employees' activities, whether the processing of such data may potentially harm employees considering their rights, and whether employers have any options other than processing such personal data when trying to achieve this legitimate interest. Employers must apply a balance test to determine whether its legitimate interest overrides the personal rights and interests of their employees. Otherwise, employers cannot depend on legitimate interest as a legal ground for processing and will need the explicit consent of their employees to apply the relevant monitoring tool. In any case, if any monitoring requires the processing of sensitive personal data, consent will be required as per the DPL. Even if consent is given to employers, this does not mean that they can use monitoring tools to process any personal data that is not required to achieve the legitimate purposes of the monitoring. Any processing in contravention of the DPL (including the general principles applicable to data processing) may impose a risk of an administrative fine.

In light of the above, each monitoring tool considered by employers must be evaluated on a case-by-case basis for determining which legal ground is applicable and to what extent.

  1. Are employers required to provide work equipment (for example, computers and other digital devices) or to pay for or reimburse employees for costs associated with remote working (for example, internet and electricity costs)?

As per article 7 of the Regulation on Remote Working, it is essential that the materials and working tools required for the remote employee's work are provided by the employer, unless otherwise agreed in writing.

In practice, many global companies adopt policies to make further payments to employees to reimburse office supplies, internet, etc. Therefore, it may be favourable to reimburse employees for costs associated with remote working.

  1. What potential issues and risks arise for employers in the context of cross-border remote-working arrangements? (Please limit your responses to possible problems of labour law, social security law and tax law).

Theoretically, cross-border remote-working arrangements are possible from an employment law perspective as the law does not provide a clear rule or restriction on this. However, in practice, the Social Security Institution does not consider days worked overseas as workdays subject to social security premiums. Therefore, such arrangements may not be possible.

Employers located in Turkey must consider their data privacy obligations where employees are working in the context of cross-border remote-working arrangements, because the relevant obligations are mostly applicable on a residency basis due to the principle of territoriality. On the other hand, under Turkish legislation, employers must ensure the security of data shared with the relevant employees.

In addition, employers should bear in mind that any data shared with such employees would be an overseas transfer of data. As a result, if the transferred data contains personal data, consent must be obtained for such transfer of data abroad from the data subject, covering the purpose of processing this data unless the employers have permission from the DPA for the relevant international transfer. International transfers of personal data are restricted in Turkey. Unlike GDPR, the DPL does not protect international transfers in the European Economic Area (EEA) as Turkey is not in the EEA and standard contractual clauses do not apply to the transfer of personal data from Turkey to overseas.

Depending on the sector in which employers are engaged, there may be further data-residency and data-localisation requirements. Therefore, before any cross-border remote-working arrangements, employers must evaluate whether they are subject to such requirements and how they should approach the data to be processed by the relevant employees for their duties and assignments on a case-by-case basis.

  1. Do employers have any scope to reduce the salaries and/or benefits of employees who work remotely?

As per article 14 of the TLA, remote workers cannot be treated differently from a comparable worker solely due to the nature of their employment contract. Employers cannot reduce the salaries or benefits of employees who work remotely merely on grounds of remote working. However, if there is other justification, such treatment may be acceptable.

The return to work and vaccinations:

  1. Do employers have a legal duty to provide covid-19-safe working environments? If so, what practical steps can employers take to satisfy this duty?

In the scope of the duty to protect employees, employers must take all necessary occupational health and safety measures and protect employees' health, and physical and mental integrity. Also, as per the Occupational Health and Safety Act, employers must protect the occupational health and safety of employees. Employers must provide covid-19-safe working environments as much as is practicable. The practical steps that may be taken by employers would vary depending on the features of each workplace. However, certain governmental authorities published several guidelines during the pandemic, and employers may choose to comply with the recommendations set out under these documents to ensure the minimum protection. These publications mainly focus on emergency planning, cleaning and hygiene rules, personal protective equipment, and advice on travel and meetings.

  1. Can employers require or mandate that their workers receive a covid-19 vaccination? If so, what options does an employer have in the event an employee refuses to receive a covid-19 vaccination?

As per the Constitution, a person's physical integrity cannot be interfered with except for medical necessity and exceptions set out by the law. As the covid-19 vaccination is not defined as a mandatory vaccine under the applicable laws, employers cannot make vaccinations mandatory for employees in principle. Indeed, the Ministry of Health announced that covid-19 vaccinations are voluntary.

The only mandatory vaccine under the current legislative framework is the smallpox vaccine.

The majority of Turkish academics take the view that termination for refusal to take a vaccine would not constitute rightful or valid grounds for termination. It also would not comply with the principle of termination being the last resort, as employers may proceed with other options such as encouraging employees to get vaccinated or implementing remote working. However certain academics argue that refusing to take a covid-19 vaccine may be valid grounds for termination in exceptional cases (such as employees in elderly care institutions).

The Ministry of Labour and Social Security issued a general letter dated 2 September 2021 regarding vaccination and testing policies that employers may apply in workplaces. The letter suggested employers should: (i) inform all employees about protective and preventive measures against potential health and safety risks at the workplace; (ii) provide separate information in writing to employees whose covid-19 vaccinations are not complete; (iii) inform unvaccinated employees about the potential results of receiving a covid-19 diagnosis due to unvaccination within the scope of the labour and social security legislation; (iv) require that unvaccinated employees have regular PCR tests once a week as of 6 September 2021; and (v) record the test results at the workplace for any necessary action.

The fact that these arrangements were introduced by a letter from the Ministry was heavily criticised by legal academics and practitioners, and legislators were expected to bring a law into force soon. However, pursuant to the changing policies of Turkish government regarding covid-19 as evidenced in a letter dated 14 January 2022 from the Ministry of Health, the Ministry of Internal Affairs issued a new general letter on 15 January 2022 that limited the scope of mandatory PCR testing.

Please see question 10 regarding a new general letter issued by the Ministry of Internal Affairs concerning limits on mandatory PCR testing requirements.

  1. What are the risks to an employer making entry to the workplace conditional on an individual worker having received a Covid-19 vaccination?

As mentioned above, employers are under an obligation to protect their employees. This means that employers should consider the health of employees working at physical premises. On the other hand, as explained above, employers cannot force employees to get vaccinated, and making entry to the workplace conditional on an individual worker receiving a covid-19 vaccination may be construed as pressure by the labour courts.

Please see question 10 regarding the option of requesting mandatory PCR testing.

  1. Are there some workplaces or specific industries or sectors in which the government has required that employers make access to the workplace conditional on individuals having received a Covid-19 vaccination?

No. As mentioned above, the Ministry of Health has stated that the covid-19 vaccination is available voluntarily. Also, according to the Ministry of Labour and Social Security's general letter, mandatory PCR testing was regulated as a voluntary mechanism at the employer's discretion, considering different working methods in all workplaces.

On the other hand, the Ministry of Internal Affairs issued a separate circular, which regulated mandatory PCR testing before attending collective activities such as a concert, cinema or theatre; or undergoing intercity travel by plane, bus, train or other means of public transportation, except for private vehicles. Before, it could be possible to say that, in addition to the attendees, employees who facilitate these activities could also be requested to provide a negative PCR test result if they are unvaccinated. Likewise, the Ministry of Education introduced a similar practice at schools. All unvaccinated school staff encountering students face-to-face had to undergo mandatory PCR testing twice a week.

However, as of 14 January, no mandatory PCR testing is deemed required for the following individuals even if they are unvaccinated (or their vaccination processes are not complete) or are not recovered from covid-19 within the past 180 days:

  • those undergoing intercity travel by plane, bus, train or other means of public transportation;
  • those who attend collective activities such as a concert, cinema or theatre;
  • all school staff working at Ministry of Education schools (teachers, service drivers, etc);
  • employees of public and private workplaces; and
  • those attending student camps organised by public or private institutions;

However, mandatory PCR testing is still required for the following individuals:

  • employees of nursing homes, aged-care facilities, prisons or penitentiaries who are unvaccinated or not recovered from covid-19 within the last 180 days, or their vaccination process is not complete;
  • prisoners and convicts at prisons or penitentiaries;
  • those traveling abroad (subject to the rules of the travelled country); and
  • those undergoing intercity travel by plane who are unvaccinated or not recovered from covid-19 within the past 180 days, or their vaccination process is not complete.

With that in mind, all these announcements were qualified as recommendations in terms of their binding power, and therefore several Turkish scholars take the view that employers, especially by gathering Occupational Health and Safety Councils (if they exist), can still decide to mandate PCR testing to ensure occupational health and safety at workplaces by complying with the personal data protection rules.

  1. What are the key privacy considerations employers face in relation to ascertaining and processing employee medical and vaccination information?

Medical and vaccination information can be processed by employers only with the explicit consent of employees. In labour law, considering the dynamics between employers and employees, any consent given by employees may be challenged as it may not be voluntary. Therefore, the processing of such health data, even with the consent of employees, would impose risks upon employers from a data protection perspective.

 

Health & safety and wellbeing:

 

  1. What are the key health and safety considerations for employers in respect of remote workers?

As per article 12 of the Regulation on Remote Working, employers must inform employees about the occupational health and safety measures required for remote working, provide necessary training, ensure health inspections, and take necessary measures about any equipment provided to employees.

Also, article 4 of the Occupational Health and Safety Law No. 6331 further stipulates that employers, in general, must:

  • ensure that all safety measures, including but not limited to those preventing occupational risks and providing information and training, are taken; order in the workplace; all necessary tools and equipment are supplied; health and safety measures are adjusted to changing conditions; and that the current status of the workplace improves;
  • supervise and monitor whether the occupational health and safety measures are complied with, and correct any incompatibilities;
  • conduct or ensure a risk assessment;
  • pay attention to an employee's suitability for a role in the scope of health and safety; and
  • take the necessary measures so that employees, other than those who receive adequate information and instruction, to not enter places that would lead to life-threatening or a particular danger.

However, Turkish academics argue that several health and safety obligations may not apply to remote working, as it may not be practically possible to apply them. For instance, they state that certain obligations arising from the occupational health and safety legislation such as preparing an emergency plan, firefighting, first aid, and evacuation are not applicable to remote working, as it would be unreasonable to expect employers to fulfil these kinds of obligations regarding a place outside their authority.

To conclude, along with the obligations set out under the Regulation on Remote Working, employers should comply with general occupational health and safety obligations, where applicable.

  1. How has the pandemic impacted employers' obligations vis-à-vis worker health and safety beyond the physical workplace?

Please see question 12. The general health and safety obligations of employers do apply to the performance of tasks at or beyond the physical workplace, as much as is practicable. However, employers must avoid breaches of the right to privacy, and therefore cannot intervene in an employee's private life beyond the physical workplace.

  1. Do employer health and safety obligations differ between mobile workers and workers based primarily at home?

Turkish law does not differentiate between remote workers being mobile or primarily at home. As remote working is legally defined as performing at home or outside the workplace through technological communication devices under an employer's direction, there are no particular rules applicable to mobile workers or workers based primarily based at home. Both categories may be considered as remote workers.

  1. To what extent are employers responsible for the mental health and wellbeing of workers who are working remotely?

As mentioned above, employers must take all necessary occupational health and safety measures and protect employees' health, and physical and mental integrity. Also, according to article 417 of the Turkish Code of Obligations, employers must have all necessary equipment and tools available to protect health and safety.

The same article further provides that employers must: protect and respect the personality of their employees; ensure order in the workplace in compliance with the principle of good faith; and take any necessary measures to prevent employees from being exposed to psychological and sexual harassment and from being subject to further harm, if such an incident took place.

  1. Do employees have a "right to disconnect" from work (and work-related devices) while working remotely?

As per article 10 of the Regulation on Remote Working, employers and remote workers can decide on timeframes and methods of communication during remote working. Employers and employees can mutually agree on the scope of a "right to disconnect" in the remote-working agreement.

Having said that, Turkish academics mostly discuss the right to disconnect under the right to rest, which is provided under the Constitution. Nevertheless, although it is a controversial issue in Turkey, in current practice the "right to disconnect" is not fully recognised by employers in Turkey in regard to remote working.

Unions and/or works councils:

 

  1. To what extent have employers been able to make changes to their organisations during the pandemic, including by making redundancies and/or reducing wages and employee benefits?

In the scope of covid-19-related measures, the termination of employment contracts by employers was prohibited for three months from 17 April 2020, with certain exceptions. With further extensions, this ban was extended to 30 June 2021. Therefore, redundancies have been prohibited from 17 April 2020 to 30 June 2021, and any breach of this ban has been met with a fine. On the other hand, employers have been granted the authority to impose unpaid leave (without employee consent), partially or in full, on employees during this period. Up until the end of the termination ban, employees on unpaid leave have received a daily allowance from the Unemployment Insurance Fund.

Also, many companies chose to introduce salary reduction due to the economic pressure arising from covid-19 at the beginning of the pandemic by obtaining the written consent of employees.

In addition to the above, certain arrangements have been introduced to facilitate the requirements of short-time working applications, filed on the grounds of circumstances arising from COVID-19.

  1. What actions, if any, have unions or other worker associations taken to protect the entitlements and rights of remote workers?

In Turkey, unions have mostly provided opinions or organised demonstrations about the recent Regulation on Remote Working. For instance, the Turkish Journalists Union published a list of recommendations concerning remote working for the attention of the Ministry and its employers. As another example, the Confederation of Turkish Worker Unions issued a comprehensive study named "Remote Working with Regard to Occupational Health and Safety Aspects".

Notwithstanding the above, in Turkey unionisation mostly exists in blue-collar industries. Therefore, these kinds of associations mostly dealt with short-time working and unpaid-leave mechanisms during the pandemic.

  1. Are employers required to consult with, or otherwise involve, the relevant union when introducing a remote-working arrangement? If so, how much influence does the union and/or works council have to alter the working arrangement (for example, to ensure workers' health and safety is protected during any period of remote work)?

The Regulation on Remote Working is silent about employee rights arising from collective labour law. However, collective bargaining agreements can regulate the execution, content, and termination of individual contracts. Therefore, remote working may be regulated as part of the content of an individual contract. As per article 41 of the Act on Unions and Collective Bargaining Agreements, unions to which at least 1% of workers in the relevant field of business are a member can execute a collective bargaining agreement for a certain business or workplace, provided that more than half of the workers employed at the workplace or 40% of the workers employed in the business are members of the union at the application date.

In this regard, the Banking-Finance and Insurance Workers Union announced that they raised this issue in their collective bargaining processes. As remote working has only become widespread during the covid-19 pandemic and the Regulation on Remote Working entered into force only recently, the influence of unions on working arrangements would vary depending on the negotiation process and their relations with employers.

Footnote

1 All administrative fine amounts mentioned in this questionnaire will be updated for each year based on a re-evaluation determined annually.

First published by Portobello Legal Media - International Employment Lawyer, in 21.09.2021

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.