Against the CoronaVirus epidemic, which has an effect worldwide, some measures are taken in every country to prevent the spread of the epidemic.
In our country, with the cooperation of the Ministry of Health, the Information Technologies and Communications Authority and GSM Operators, within the scope of these measures, the “Pandemic Isolation Tracking Project”, which has the opportunity to follow the people under observation at home with digital method, and warns the people under observation when necessary, has been implemented as of yesterday. .
With the project in question, it is aimed to monitor whether people who have positive cCovid-19 test, their relatives, and whether they are under observation in order to protect the health of the country in general.
With the Public Announcement dated 09.04.2020, the Personal Data Protection Authority clarified the question marks in our minds about the Pandemic Isolation Tracking Project.
The institution mentioned that all states, including our country, resorted to various measures and measures to protect against the disease caused by Covid-19 (CoronaVirus), and that besides traditional measures such as quarantine, social distance and social isolation, technological opportunities are also used, and in the said announcement: In order to prevent the spread of the coronavirus; methods such as mobile applications; It has been stated that personal data such as health, location and contact information of related persons are processed for purposes such as detecting those who have the disease or who have come into contact with people who are at risk of carrying the disease, applying treatment and quarantine by mapping the spread of the virus, controlling those who are quarantined, enforcing the curfew, and detecting crowded places.
Location data is in the Regulation on the Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Industry. It is defined as “specific data that determines the geographical location of a device belonging to a public electronic communication service user and is processed in the electronic communication network or through the electronic communication service” .
In cases where it is necessary to use location data in association with the relevant person; In subparagraph (ç) of paragraph (1) of Article 28 of the Law No. 6698, personal data is intended to protect national defense, national security, It is regulated that the provisions of the Law will not be applied if it is processed within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations that have been given duty and authority by law to ensure public safety, public order or economic security.
From this point of view, in order to eliminate this threat in situations that threaten public order and public safety, such as epidemics, the Institution is responsible for ensuring the isolation of people diagnosed with an epidemic during the contagious period, identifying crowded areas by processing the location data of the general population, and developing measures in this context. stated that data processing activities to be carried out by authorized public institutions and organizations will be evaluated within the scope of subparagraph (ç) of paragraph (1) of Article 28 of the Law.
In this framework, there is no obstacle to the processing of location data by public institutions and organizations that fall within the scope of the aforementioned article in order to prevent the spread of the disease, since the epidemic caused by Covid-19 threatens public security and public order. With this decision, it was pointed out that the priority is the protection of public health within the scope of the processing of personal data by the Authority.
However, taking into account that serious damages may occur in terms of data subjects if the said data is seized by third parties, the relevant institutions and organizations take all necessary technical and administrative measures to ensure the security of personal data, and the personal data in question shall be deleted if the reasons for the processing of this data disappear. It was also mentioned that it should not be forgotten that it should be destroyed or destroyed.
As a result, it is possible to legally process the personal data to be obtained within the scope of the project, as it is a matter of public order and security, provided that it is not used for any purpose other than preventing the virus epidemic and is destroyed on the date the risk ends. It is under the guarantee of the state that personal data cannot be used for any other purpose, and we hope that the security of the system will be strictly controlled.
You can find the company statement at the following link; https://www.kvkk.gov.tr/Icerik/6726/COVID-19-ILE-MUCADELEDE-THE-TO-KNOW-THE-TO-KNOW-THE-CONTACTING-DATA-CONTROLLING-AND-MOBILE-ABOUT-2-
Ebrar TURAN
S. Lawyer / K&P Legal Law Firm