Türkiye’s data watchdog has reported a surge in complaints and applications concerning the unlawful use of security cameras installed in workplaces, prompting renewed warnings over privacy violations and data protection obligations.
In a statement, the Personal Data Protection Authority (KVKK) stressed that while camera systems may be installed for security purposes, their operation must comply with the country’s personal data protection legislation. The watchdog warned that the use of surveillance systems beyond their intended purpose could infringe on individuals’ privacy rights and lead to administrative sanctions.
KVKK said workplace cameras should not be used disproportionately to monitor employee performance, enforce discipline or conduct continuous surveillance of staff. Such practices, it noted, may constitute an interference with the right to private life.
The authority also underlined that cameras should not be installed in areas where individuals have a heightened expectation of privacy, including restrooms, changing rooms, prayer rooms and employee rest areas.
Similar principles apply to residential buildings and housing complexes. KVKK said camera placement must take residents’ reasonable privacy expectations into account and should be limited to clearly defined common areas. Cameras should not be positioned in a way that allows them to view the interiors of private residences or directly monitor apartment entrances.
The watchdog further cautioned against the use of advanced surveillance technologies such as facial recognition and audio recording features unless they are strictly necessary and proportionate to the stated purpose of the system.
Under a recently published principle decision, employers will face stricter conditions when using fingerprint, facial recognition, retina or vein-scanning systems to track attendance and working hours.
The board emphasized that biometric data constitutes a special category of personal data and that employee consent alone may not provide a sufficient legal basis for processing it.
Instead, employers are expected to prioritize less intrusive alternatives such as access cards, PIN codes, QR systems, RFID or NFC cards and signature logs. Biometric methods should be used only in exceptional cases where other options can be demonstrably shown to be inadequate.
Businesses found to be in breach of the rules may face administrative fines and other sanctions, while employees retain the right to file complaints with the authority and seek judicial remedies.
