Turkey - KVKK (Kişisel Verileri Koruma Kanunu)

Modified on Tue, 04 Jul 2023 at 04:52 PM

What does the KVKK stand for in Turkey?

On April 7, 2016, Turkey enacted Law No. 6698, also known as the Personal Data Protection Law (Kişisel Verileri Koruma Kanunu or KVKK). This groundbreaking legislation serves as Turkey's first dedicated law specifically addressing the protection of personal data within the country. Prior to the implementation of the KVKK, data protection in Turkey was governed by various sectoral laws as well as provisions outlined in the Turkish Constitution and Penal Code.

To promote transparency and public input, the Turkish Data Protection Authority (DPA) recently released the "Draft Guidelines" for public consultation. These guidelines offer comprehensive recommendations concerning the use of cookies in processing personal data. While the Draft Guidelines primarily focus on cookies that handle personal data, they do not extend to similar technologies such as pixels or beacon technology. Furthermore, they encompass not only websites but also applications.

The Draft Guidelines emphasize the need for explicit consent when using tracking cookies for social plug-ins and online behavioral advertising. However, under specific circumstances, first-party analytics cookies that don't collect personal data may be used without the data subject's explicit consent. These circumstances include utilizing first-party analytics cookies solely for generating anonymous statistics, refraining from cross-tracking user internet browsing, ensuring a reasonable cookie lifespan, and prohibiting the transmission of data collected via first-party analytics cookies to third parties.

If you want to know more about the different regulations you can access our article "Laws and regulations for each region"

KVKK and Cookie Banner conditions.

In order to obtain explicit consent, the Turkish DPA stipulates that consent must be specific, informed, and given freely. Within the context of cookie banners, the Draft Guidelines recommend certain practices. For instance, an effective banner should incorporate a cookie management tool (CMT) with equal options for "acceptance," "rejection," and "preferences" in terms of color, size, and font. Additionally, it should feature an easily accessible CMT icon on the website. Conversely, it is deemed inappropriate to present only an "accept" button on the banner or rely on implicit acceptance.

Considering the above, we encourage the implementation of a banner that aligns with the following characteristics:

  • Include a Button to Accept Cookies: The text in the cookie banner and the button must make it clear that by clicking the button the user agrees to the deployment of cookies, this is known as Opt-in consent. 
  • Include a Button to Reject Cookies: Must include a statement telling the user that they can deny the consent of data collection and a button that allows them to do so.
  • Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
  • Alert the User if the Website Shares Data with Third-Party cookies: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
  • Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.

Observations: With illow's GDPR banner, your site will be ready to comply with this regulation.

If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article