ARTICLE
10 June 2026

Data Protection Compliance In CCTV Systems: Assessment Of The Public Announcements Issued On 8 June 2026

E
Egemenoglu

Contributor

Egemenoglu logo
Egemenoglu is one of the largest full-service law firms in Turkey, advising market-leading clients since 1968. Egemenoğlu who is proud to hold many national and international clients from different sectors, is appreciated by both his clients and the Turkish legal market with his fast, practical, rigorous and solution-oriented work in a wide range of fields of expertise. Egemenoğlu has been considered worthy of various rankings by the world’s most leading and esteemed rating institutions and legal guides. We have been ranked as Recognized in “Project and Finance” and “Mergers and Acquisitions” areas by IFLR 1000. We also take place among the top- tier law firms of Turkey at the rankings of Legal 500, at which world’s best law firms are regarded, in “Employment Law” and “Real Estate / Construction” areas. Also our firm is regarded as significant by Chambers& Partners in “Employment Law” area as well.
Explore Firm Details
The Personal Data Protection Authority ("the Authority") published two separate public announcements on 8 June 2026 regarding the lawful use of CCTV systems. One of the announcements covers apartment and residential complex management bodies, whilst the other covers employers.
Turkey Privacy
Sena Uykan and Ecem Kus
Your Author LinkedIn Connections
Egemenoglu are most popular:
  • within Accounting and Audit, Technology and Transport topic(s)
  • in Turkey

The Personal Data Protection Authority ("the Authority") published two separate public announcements on 8 June 2026 regarding the lawful use of CCTV systems. One of the announcements covers apartment and residential complex management bodies, whilst the other covers employers.

The published announcements provide further guidance on the circumstances, purposes and methods under which CCTV systems may be deployed, and highlight the key considerations data controllers must take into account regarding critical issues such as proportionality, privacy, data security and the information obligation. According to the Authority's explicit warning, failure to comply with the matters specified in the announcements may result in the imposition of administrative monetary fines under Article 18 of the Personal Data Protection Law ("KVKK").

I. Security Camera Systems In Apartment Blocks

The Authority emphasises that, in disputes regarding the unlawful installation of cameras in apartment blocks and housing estates, the provisions of the Condominium Law No. 634 must also be taken into account alongside the KVKK.

According to the announcement, it is permissible to install a camera system in common areas for the purpose of protecting common areas, ensuring building security, and preventing incidents such as theft or damage to property. However, during the installation of such systems, residents' reasonable expectations of privacy must be respected under all circumstances.

In this context, the key points highlighted by the Authority are as follows:

  • Cameras must not be positioned at angles that allow a view into the interior of a flat when the door is opened.
  • Stairwells and points that could affect private living spaces must be carefully assessed.
  • Cameras should record from the narrowest possible angle; unnecessary areas should be technically masked.
  • More intrusive technologies, such as facial recognition and voice recording, should be avoided.

The Authority also states that whilst elevators are considered common areas, their narrow and enclosed nature requires a separate assessment. The installation of cameras in elevators must be clearly justified; it should be borne in mind that continuous recording may create a sense of intense surveillance among individuals.

Another point that apartment and residential complex management bodies must pay attention to is the retention period of recordings. Rather than storing camera recordings indefinitely, they must be deleted or destroyed at the end of a reasonable period necessary for the specified purpose. In the event of an incident, it would be appropriate to retain only the relevant recordings for the duration of the legal proceedings.

Furthermore, it is important that recordings can only be viewed by authorised persons, that sharing with third parties is prevented, and that the necessary information obligation under Article 10 of the KVKK is fulfilled in areas where cameras are installed.

In Decision No. 2020/560 of the Personal Data Protection Board ("the Board"), it was assessed that, despite the absence of legal personality in the owners' committee, the owners' committee will generally be deemed to act as the data controller in the context of apartment and residential complex management. However, the Board has also emphasised that, in each specific case, the individual or unit responsible for making decisions regarding personal data processing activities, establishing and managing the data recording system, and determining the purposes and means of processing must also be separately identified.

Should it be determined that the matters outlined in the Authority’s announcement have not been complied with, proceedings may be initiated against the relevant data controllers, including the imposition of administrative monetary fines under Article 18 of the KVKK.

II. Security Camera Systems In Workplaces

The Authority acknowledges that employers may utilise security camera systems for concrete and pre-determined purposes such as ensuring occupational health and safety, preventing workplace accidents, maintaining workplace security, and facilitating the prevention, investigation and detection of criminal acts. However, the Authority emphasises that the use of camera systems for the continuous surveillance of employees or performance monitoring may pose serious risks in terms of the right to privacy and the protection of personal data.

It should be particularly noted that, although the phrase "monitoring of employees' performance" is included among the justifications cited in the introduction to the Public Announcement, the Authority explicitly states in the remainder of the announcement that purposes such as performance monitoring, maintaining discipline or general control cannot be considered legitimate purposes. Consequently, camera systems intended to monitor employees' productivity, keep them under constant surveillance, or maintain discipline in an abstract sense will not, in themselves, constitute a valid legal basis for the processing of personal data.

When assessing the lawfulness of camera systems, not only the KVKK but also the employer's duty to protect the employee's personality as set out in Article 417 of the Turkish Code of Obligations No. 6098 and the obligation to provide a safe working environment as set out in Article 4 of the Occupational Health and Safety Law No. 6331 must be taken into account. Employers are obliged to design their surveillance activities in a manner that does not conflict with these obligations and does not infringe upon employees' fundamental rights and freedoms.

According to the Authority, the purpose of personal data processing must be clearly and explicitly determined on a case-by-case basis prior to the installation of cameras. The principle of data minimisation is fundamental to the use of security cameras, and it must be assessed in advance whether the same result can be achieved through less intrusive methods. Even in cases where the use of cameras is mandatory, the scope and volume of personal data processed must be limited to what is strictly necessary for the relevant purpose.

In certain sectors, the use of cameras constitutes an explicit statutory obligation. The Board's Decision No. 2022/1249 notes that currency exchange offices are under an obligation to maintain a camera system capable of monitoring the counters and cash machines where transactions are conducted, in accordance with the relevant legislation. Furthermore, in Decision No. 2020/494, it was stated that the obligation for courier companies to retain camera recordings for a specified period at their parcel acceptance centres is based on the data processing condition of being "expressly provided for by law".

The compliance of data processing activities carried out via security cameras with the principle of proportionality must be assessed in three stages:

(i) Suitability – whether the measure is capable of achieving the intended purpose;

(ii) Necessity – whether the same objective can reasonably be achieved through a less intrusive means;

(iii) Proportionality stricto sensu – whether a fair balance exists between the interference with individuals' rights and the legitimate aim pursued.

In this context, wide-angle surveillance systems covering the entire workplace, camera positions apt for continuously monitoring employees, and face-focused recording systems may result in a breach of the principle of proportionality.

One of the matters to which the Authority attaches particular importance is camera systems with audio recording capabilities. As audio recording constitutes a far more serious interference with the privacy of private life compared to video recording, such practices must be avoided unless there is a clear, specific and demonstrable legal justification.

In Decision No. 2020/212, the Board stated that the additional recording of audio for a purpose that could be achieved through video recording alone is contrary to the principle of proportionality; it noted that the simultaneous recording of audio and video could create a sense of constant surveillance among individuals, lead to the recording of private conversations, and undermine the very essence of the right to the protection of personal data. Furthermore, in Decision No. 2023/1461, it was assessed that audio recording could exceed the reasonable expectation of privacy of the individuals concerned and constitute a serious interference with the privacy of private life.

The Authority also states that the use of cameras in certain areas would clearly be unlawful. In particular, the use of cameras in the following areas may result in a breach of the right to privacy:

  • Toilets
  • Changing rooms
  • Shower areas
  • Mosques and places of worship
  • Rest and break areas
  • Breastfeeding rooms

In Decision No. 2022/797, the Board assessed that the processing of data via cameras in areas adjacent to toilets and similar private spaces would undermine employees' reasonable expectation of privacy. Furthermore, in Decision No. 2023/1356, it was determined that there is no explicit statutory provision justifying the monitoring of places of worship via cameras; and since such footage constitutes data relating to an individual's religious beliefs, it is classified as special categories of personal data under Article 6 of the KVKK, thereby rendering the camera application in question unlawful.

It should not be overlooked that camera recordings made in publicly accessible areas of the workplace may affect not only employees but also individuals not subject to surveillance, such as customers, visitors or children. Particular consideration must be given to the likelihood of vulnerable individuals, such as children, being affected by data processing activities; camera position, field of view and recording frequency must be determined accordingly.

Employers are also obliged to inform employees about camera systems in a proper manner under Article 10 of Law No. 6698 and to fulfil their information obligation. As emphasised in Decision No. 2023/1461, the information obligation is an obligation that must be fulfilled separately and independently of the conditions for data processing. In this context, simply displaying a warning sign indicating the presence of a camera is not considered sufficient in all cases; additional information regarding the scope of the data processing activity is expected to be provided.

Furthermore, retention periods for camera recordings must be clearly defined; an automatic deletion mechanism must be established on the system, role-based access controls and an authorisation matrix should be established. Access to camera recordings must be restricted to authorised persons only; unauthorised disclosure of recordings must be prevented, and the necessary technical and organisational measures must be implemented.

III. Conclusion

The public announcements dated 8 June 2026 have rendered the Authority's approach to security camera systems more concrete and practically applicable, read alongside previous Board decisions. Considered together, the announcements clearly demonstrate that it is not sufficient for camera systems to be installed solely for security purposes; they must also be operated in compliance with the fundamental principles of the KVKK, including data minimisation, proportionality, specified and legitimate purpose, limitation of retention periods, data security and the information obligation. The announcements also demonstrate that the Authority adopts a particularly restrictive approach towards practices involving audio recording, facial recognition technologies, monitoring of private spaces and any form of continuous employee surveillance.

In this context, it is important for apartment and residential complex management bodies to reassess their camera systems in light of the Condominium Law No. 634 and the KVKK, and to review camera angles, access permissions, retention periods and information provision processes. Similarly, it would be beneficial for employers to reassess their existing camera practices not only from the perspective of workplace security but also in terms of the protection of employees' private lives and their reasonable expectations of privacy.

Accordingly, data controllers are advised to carry out legal and technical compliance audits of their existing camera systems and to reassess the purposes of camera use, retention periods, access rights and information provision processes in accordance with the fundamental principles of the KVKK.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Sena Uykan
Person photo placeholder
Ecem Kus
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More