ABSTRACT
Protection of personal data is a concept that entered our legal system in 2010, and its scope has been expanded with the Law on the Protection of Personal Data, which entered into force in 2016. In this study, the Law on the Protection of Personal Data, the Principle of Private Life, Individual Application to the Constitutional Court, and the Labor Law are taken into consideration as a point where the personnel’s shift monitoring using fingerprint recording is combined as part of the evaluation of the individual application to the Constitutional Court regarding the protection of personal data and the privacy of private life.
I. INTRODUCTION
In this study, the rights of the worker within the scope of Personal Data Protection Law, Private Life Principle and Labor Law will be examined within the scope of various sources and laws within the framework of the Individual Application Decision of the Constitutional Court dated 10.03.2022 and numbered 2018/11988. After examining the scope of the concept of personal data, the laws protecting this concept, the situations that require and not require explicit consent, the connection between the “fingerprint”, which is a data related to the decision in question, and the examined issues will be detailed. Protection of Personal Data and Privacy of Private Life are institutions that support each other and will be examined under separate headings and evaluated together under the title of Protection of Personal Data under Labor Law. The aim of this study is to examine the effects, requirements and legality of the shift tracking made with fingerprints in terms of personnel and the institution that carries out the tracking. At the same time, the conditions for making an individual application to the Constitutional Court will be examined and the nature of the individual application opportunity will be examined. In this context, after the decision itself is examined, examples of the decisions of the Council of State regarding similar events will be given The protection of personal data and the principle of privacy are two overlapping concepts. In the application in question, the cancellation of the fingerprint tracking system is requested due to the fact that the use of fingerprints, which is personal data of a private nature, is against the protection of personal data and the principle of privacy. The Constitutional Court is also an authority that examines the applications made on the protection of personal data and examines the applications after the exhaustion of the existing judicial and administrative remedies due to the extraordinary nature of the individual application and being a secondary remedy. Protection of personal data is a frequently discussed issue between employers and employees in labor law, and the Council of State has decisions that can set an example on this issue. It is an issue that brings together the protection of personal data and labor law at a common point and includes views in favor of the employer and the views in favor of the worker, as it is in the status of special quality data such as using fingerprints for shift tracking and the use of other biometric data in shift tracking. For this reason, it is possible to encounter frequent votes against the decisions of the Council of State.
This study will explore the justifications, supported by several sources, for the Constitutional Court’s finding of a breach as a result of the application. Even though the shift tracking is within the authority of the employer, if there is no follow-up system in accordance with the principle of proportionality, the protection of personal data and a violation of the privacy of private life may occur by exceeding the limit set for the obligation and authority under the labor law.
II. THE LAW ON THE PROTECTION OF PERSONAL DATA
The Law on the Protection of Personal Data No. 6698 (“LPPD”) is a law that came into force in 2016, which aims to protect the fundamental rights and freedoms of individuals in the Turkish legal system and has become a resource that individuals can apply for more comprehensive protection in terms of privacy. LPPD has been prepared based on the Constitution and International conventions1. The regulation on the protection of personal data entered the Turkish Legal System with the constitutional amendment in 2010, enabling the first steps to be taken regarding the emergence of the law2. Since the law came into force, “private life” has become a phenomenon that needs to be protected comprehensively, especially with the development of technology. As clearly stated in Article 5 of the LPPD, “Personal data cannot be processed without the explicit consent of the person concerned”3 . In the continuation of the article, the processing of personal data is limited by counting the cases in which explicit consent is no sought. There are situations that may be related to the relevant Individual Application Decision of the Constitutional Court, such as the situations listed in the law, mandatory for the fulfillment of the legal obligation of data responsibility, necessity for data processing in terms of the legitimate interests of the data controller
A. Context of The Law on The Protection of Personal Data
Any data that makes a person identifiable is personal data. In the decisions of the Constitutional Court and the European Courts of Human Rights; data such as a person’s fingerprint, DNA sample, identity card, resume, video and audio recordings, license plate, family information are considered personal data. Personal data can be evaluated within the scope of the principle of privacy. Personal data is defined as “any information relating to an identified or identifiable natural person” in article 3/1(d) of the LPPD. As the LPPD does not limit the extent of personal data, it is important to decide which data can be considered personal data on concrete cases rather than relying solely on a broad definition. It has made it possible to define different types of data that may arise with the development of technology as personal data. In general terms, personal data includes all data belonging to the person that makes the person identifiable. Judicial jurisprudence, national and international legislation support this definition 4.
B. Nature of Fingerprinting of the Personnel
Fingerprinting is an application that concerns the principle of privacy, even though it takes place in the public areas during shift follow-ups. Fingerprint, which is defined as biometric data, should not be a data that can be accessed, processed or recorded unless there is an obligation, because it is personal. If an application such as shift tracking, which can be carried out every day and which can be carried out with simpler methods, is carried out by fingerprint tracking, it constitutes a violation of the law if it is done without the explicit consent of the personnel. In order to ensure the legality of fingerprinting, the explicit consent of the individual whose personal data is taken and the existence of one of the conditions stipulated in the law are required5. Fingerprints are a type of biometric data that is included in the data stated in article 6 of the LPPD. In this context, taking fingerprints of the personnel is an application that can be examined within the scope of labor law, protection of personal data and privacy. The data owner has certain rights such as obtaining information about his/her personal data, accessing data, requesting correction of inaccurate personal data, and requesting deletion of data6.
III. RESPECT FOR PRIVATE LIFE
Confidentiality of private life is a concept regulated in the Constitution and in accordance with Article 20 of the Constitution, “Everyone has the right to demand respect for his private and family life. Inviolable confidentiality of private life and family life”. As stated in the third paragraph of the article, the person has the right to access personal data about himself/ herself, to be informed about these data and the purposes of use, and to request the deletion of the data. Protection of personal data and privacy of private life are two rights that can be evaluated together in this context. The processing of personal data can be seen as a sub-title that can be considered within the scope of the incidents related to the violation of privacy, and likewise, the right to privacy can be seen as a sub-title in the incidents related to the protection of personal data.
IV. PROTECTION OF PERSONAL DATA UNDER THE LABOR LAW
In accordance with the Labor Law, the employer can use the information obtained about the employee within the framework of the rule of good faith and in accordance with the law. The article regarding the effect of LPPD on the Labor Law is included in Article 75/2 of the Labor Law. Pursuant to the relevant article, “The employer is obliged to use the information obtained about the employee in accordance with the rules of honesty and law, and not to disclose the information that the employee has a justified interest in keeping it confidential”. Within the scope of Article 5 of the LPPD, the processing conditions of personal data are listed and the provision is:
“(1) Personal data cannot be processed without the explicit consent of the person concerned.
(2) In the presence of one of the following conditions, it is possible to process personal data without seeking the explicit consent of the data subject:
a) It is clearly stipulated in the laws.
b) It is compulsory for the protection of the life or physical integrity of the person or another person, who is unable to express his consent due to actual impossibility or whose consent is not legally valid.
c) It is necessary to process the personal data of the parties to the contract, provided that it is directly related to the establishment or performance of a contract.
ç) It is mandatory for the data controller to fulfill its legal obligation.
d) The person concerned has been made public by himself.
e) Data processing is mandatory for the establishment, exercise or protection of a right.
f) Data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the data subject.” Article 8 of the same law, which includes the transfer of personal data formatted as:
“(1) Personal data cannot be transferred without the explicit consent of the person concerned.
(2) Personal data;
a) In the second paragraph of Article 5,
b) Provided that adequate measures are taken, in the third paragraph of Article 6, In case of existence of one of the conditions specified, it can be transferred without seeking the explicit consent of the person concerned.
(3) Provisions in other laws regarding the transfer of personal data are reserved.”
In the light of these provisions, the processing of the said information, its sharing with third parties, and the collection of data are based on the explicit consent of the worker. In addition, the employer has to pay attention to inform the workers about the area where the data is used, not to process the data when there is no obligation, and to take all kinds of measures to protect the data. The aforementioned worker’s obligations fall under LPPD’s scope, and they are assessed within this scope. When the Labor Law is considered together with the LPPD, the employer is the data controller and must act within the scope of the LPPD when processing, storing and sharing the information of the workers7. The provisions regarding the obligations of the data controller are included in the Third Section of the LPPD under the title of “Rights and Obligations”. In accordance with Article 10 of the LPPD, the data controller is obliged to inform the relevant persons about the identity of the data controller and, if any, its representative, for what purpose the personal data will be processed, to whom and for what purpose the processed personal data can be transferred, the method and legal reason for collecting personal data, and the rights of the data subject listed in Article 11.
A. Working Hours
Pursuant to the Labor Law, it is among the obligations of the employer to monitor the working hours of the worker and notify the worker. Keeping track of the working hours is important for the payment of the worker’s rights. However, the data collected regarding the entry and exit times of the worker are not considered as personal data within the scope of LPPD, so the explicit consent requirement does not exist here. Nonetheless, the LPPD applies when tracking working hours is done by gathering information that would be regarded as personal data. In this case, all personal data must be based on the explicit consent of the person, except for the cases where personal data can be recorded without the explicit consent specified in Article 5 of the LPPD8. In any case, the follow-up should be done proportionally. If all the activities of the worker are recorded outside of the working hours, there will be a disproportionateness here. Shift tracking of the worker can be done with a card system or with the signature of the worker. Since the data obtained on the working time is important in terms of getting the rights of the worker regarding these periods, the follow-up of these data is within the responsibility of the employer. In order for the employer to fulfill this obligation, it must be able to record the necessary data without seeking explicit consent. The situations specified in article 5 of the LPPD allow this. However, there is an exception regarding personal data of a private nature. The employer cannot record these data, which are considered private, in the absence of explicit consent9.
Special categories of personal data are listed in article 6 of the LPPD, and fingerprinting, which is the subject of our study, is counted among these data. Pursuant to article 6/2 of the LPPD, “Processing of sensitive personal data is prohibited without the explicit consent of the person concerned.” In cases where explicit consent is required, with consent, and in cases where it does not, within the framework of proportionality, the employer will be able to control the working hours of the worker and record these data. There will be a violation of the principle of proportionality, which is a crucial need for the processing of special quality personal data, if the employer can track working hours with a card, which is a more measured approach, or by a signature, if it uses biometric data. The processing of biometric data is subject to explicit consent, except for special cases required by law, and the use of biometric data for shift tracking will be disproportionate. The use of biometric data in workplaces operating in private security areas such as the defense industry, in exceptional cases when transitioning to high-sensitivity units does not constitute a violation of the law10.
B. Processing of Private Personal Data
Private personal data are more sensitive data that need to be protected with stricter rules compared to personal data11. Personal data of a special nature are specified in paragraph 1 of Article 6 of the LPPD. According to this, “The data related to the race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, disguise and dress, membership to associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, as well as biometric and genetic data is personal data of special nature”. These data cannot be processed and/ or stored without the explicit consent of the person concerned. However, it may be processed if it is expressly stipulated in the law. Precautions should be taken when processing this information, and the environment in which it is housed should be one in which special care is taken when processing data. Biometric data, which is one of the special personal data listed in the article, is data processing in the form of fingerprint, retinal scan, hand scan or face reading within the framework of working hours control. In order for the processing of these biometric data to be lawful, the explicit consent of the worker must be obtained or there must be a clear provision in the law regarding this. Processing biometric data in this way can only be considered moderate in workplaces located in sheltered and private areas such as the defense industry. In addition to these, there will be an imbalance in this situation if the data of the person in the special data status is processed and the tracking is carried out, even though the shift tracking can be controlled with a chip-inserted card system or by having the payroll record signed at the workplace.
When the existence of explicit consent and proportionality coexist, the processing of personal data of a special nature will be in accordance with the law. Since it is possible to carry out the shift tracking, which is the subject of the purpose, with methods that do not require the processing of special personal data, as mentioned above, the processing of personal data of a special nature in this follow-up leads to disproportionateness12. According to the Labor Law, the concept of proportionality should be evaluated in the context of concrete events. The proportionality audit is carried out by examining the existence of a reasonable relationship between the means and the purpose. Although the worker gives explicit consent to the processing of biometric data such as fingerprints, the data can be processed in accordance with Article 75 of the Labor Law and Articles 417 and 419 of the Turkish Code of Obligations. The condition sought here is to follow up and process the data to the extent necessary for the performance of the contract13.
V. INDUVIDUAL APPLICATION TO THE CONSTITUTIONAL COURT
A. Nature of The Individual Application
Individual application is a constitutional judicial remedy and a means of seeking rights against violations by public power within the framework of fundamental rights and freedoms guaranteed by the Constitution14. In this type of case, which can be resorted to as a secondary remedy, the applicant must have exhausted all judicial and administrative remedies stipulated in the law. It can be understood from this expression that it has an extraordinary quality. It will not be possible to make an individual application to the Constitutional Court without exhausting the ordinary judicial and administrative remedies15.
B. The Right to Respect for Private Life and The Right to Protection of Personal Data
The Constitutional Court evaluates whether the right to respect for private life has been violated in the individual application decisions within the scope of the Privacy of Private Life regulated in Article 20 of the Constitution. Interventions to the right to respect for private life are included in the protection of material and moral existence in the Constitution. Restrictions on personal data, identity, individual privacy, work life, life in prison are examined as interference with private life16.
The fact that fundamental rights and freedoms are regulated in the Constitution allows to benefit from the principle of supremacy of the constitution in the context of the hierarchy of norms. For this reason, the right to protect personal data can be considered within the scope of the principle of supremacy of the constitution in cases such as data processing, recording and sharing17.
VI. SAMPLE DECISIONS
A. State Council Decision- 5. D., E. 2013/5342 K. 2013/9525 T. 10.12.2013
interest, and that tracking the working hours of the personnel with fingerprints constitutes a violation of the privacy of private life. There is opposition to the decision.
B. State Council Decision- 5. D., E. 2016/409 K. 2016/1909 T. 4.4.2016
In the incident, a fingerprint reader was installed in the service building of the Administration for the purpose of tracking work hours. The plaintiff requested the cancellation of the operation regarding the activation of the fingerprint reader. The Administrative Court dismissed the case on the grounds that the fingerprint reader system was necessary for the effective performance of the public service and there was no prohibition imposed by law. The Council of State stated that, pursuant to the relevant articles of the Constitution, fundamental rights and freedoms can only be limited by law and that restrictions cannot be contrary to the principle of proportionality. Referring to the article on the privacy of private life and the relevant article of the European Convention on Human Rights, the Council of State asserted that the collection of personal data is in question within this framework and stated that there should be a legal basis for imposing restrictions on personal data. It overturned the court’s decision on the ground that it was not appropriate. There is a dissenting vote on the decision.
VII. EXAMINATION SPECIALLY OF THERE LATED DECISION
A. Facts and Claims of the Parties
In the incident that is the subject of the decision, the applicant, a civil servant employed by the Municipality, asked that the fingerprint tracking application be removed from the place of employment on the grounds that the institution’s use of the system violated the principle of respect for private life by scanning and recording fingerprints for shift tracking. The applicant filed a lawsuit at the Administrative Court for the annulment of the relevant administrative act. With the acceptance of the case, the court decided to cancel the administrative action. However, an appeal was made by the Administration. The Regional Administrative Court decided to reject the case with the acceptance of the appeal application. At this stage, the applicant made an individual application to the Constitutional Court.
The defense of the institution (Söke Municipality) stated that the consistency of the public service provided by the fingerprint recorders, the supervision of the personnel’s effectiveness, and the fulfillment of this application by the mayor to manage the municipal organization are crucial for the efficient execution of the service in the individual application decision of the Constitutional Court, dated 10/3/2022 and numbered 2018/11988. It is claimed that there is no violation of respect for private life on the grounds that the monitoring of working hours is done to control the compliance of the personnel with the working hours. The applicant’s attorney stated that the recording of personal data should be in accordance with the constitutional guarantees, and on the grounds that it is not possible to guarantee how the fingerprint, which is unique to each person, will be recorded and stored, and whether it will be shared or not, this data recorded without consent is subject to the personal data protection law and claims that it violates the principle of privacy of life.
The institution claims that the time tracking performed by taking fingerprints is more reliable than the tracking with the card system, as it contains personal information.
The Regional Administrative Court dismissed the case with the approach that there was no violation of the legislation on the grounds that the use of technical resources to execute public service duties in an effective and efficient manner followed the law. It was stated that there was no basis for the violation of privacy, and the final decision was notified to the attorney of the applicant.
B. Evaluation of the Constitutional Court
In its assessment of the alleged violation of the protection of personal data and the right to respect for private life, the Constitutional Court made the following statements:
“In the case that is the subject of the application, it has been understood that the Institution monitors whether the personnel comply with the working hours with the fingerprint tracking system, and in this context, the fingerprint of the applicant is recorded and stored. It is seen that the administration and employers who want to take advantage of the opportunities of technological developments use methods such as magnetic ID cards, face and iris scanning, fingerprint registration system to ensure overtime tracking and entrance and exit controls based on purposes such as increasing the efficiency of the personnel and ensuring security.
However, it should be emphasized that in order to implement a personnel tracking system, especially with the method of recording biometric data, the explicit consent of the person should be available in cases not regulated by the laws. In addition, in the case of processing sensitive data based on the consent of the employee, of course, first of all, the principle of legality must be met in the context of Article 13 of the Constitution. In order to be able to talk about the existence of explicit consent, it is essential that the employee is adequately informed beforehand about the scope, purpose, limits and consequences of the personal data to be processed. Nevertheless, it can be said that the aforementioned methods can be applied within the scope of the administration’s control and management authority, in the presence of a legitimate aim as a rule, and in the absence of another suitable way to achieve this aim with less interference with rights and freedoms, and to be limited to the purpose. In this context, it should be reminded that in the event that methods involving the processing and sharing of personal data are used in the workplace, constitutional guarantees that will protect the rights and freedoms of the employee should be provided by the administration.
In the concrete case, there is no dispute that the applicant did not consent to the registration of the fingerprint by the Institution for the purpose of shift tracking and the processing of sensitive personal data regarding him/ her. However, in the absence of the person’s consent, special categories of personal data may be processed if it is expressly stipulated in the laws. In this case, since there is no “explicit consent” requirement in Article 20 of the Constitution and Article 6 of the Law No. 6698, it should be evaluated whether a law regulates the processing of fingerprints within the scope of biometric data and their use in shift tracking. First of all, it is meant that the processing and use of sensitive data -related to the relevant field of activity or sector- are separately and clearly regulated in the laws, without being expressly stipulated in the laws specified in the aforementioned legislation. In this context, Law No. 6698 is not a law that authorizes municipal employees to register their fingerprints and track their hours with the fingerprint tracking system, and clearly does not regulate this issue. In this case, it should be discussed whether the Law No. 657 and Law No. 5393, on which the administrative and instance courts rely on their justifications, contain a clear regulation appropriate to the concrete case.
In this context, when the aforementioned legislation is examined (see §§ 18-20), it is stated in the Law No. 657 that there are regulations regarding the determination of the working hours of civil servants and the starting and ending times of the daily working hours, but the control of the employee’s attendance status and for this purpose the personal, it has been observed that there is no clear regulation regarding the processing of data. It has been understood that in Law No. 5393, the authority to administer and manage the municipal organization is left to the mayor, but there is no regulation for the processing of special categories of personal data within the scope of this authority.
In the light of these findings, it is clear that there is no regulation in the aforementioned legislation that determines the basic principles and principles regarding the processing of special quality personal data for the purpose of shift tracking or employee supervision, and in this context, the use of biometric data-based tracking systems. Within the framework of the explanations, it was concluded that the applicant did not consent to the processing of sensitive personal data, and the processing and use of biometric data in the control of the employee’s compliance with the working hours was not separately and explicitly stipulated by the aforementioned laws, and the intervention subject to the application did not meet the legality requirement
Since it was understood that the intervention subject to the application did not meet the requirement of legality, it was not deemed necessary to evaluate whether other assurance criteria were complied with in terms of the mentioned intervention.
For the reasons explained, it should be decided that the applicant’s right to demand the protection of personal data within the scope of the right to respect for private life, which is guaranteed in Article 20 of the Constitution, has been violated.”
In the aforementioned decision, referring to the legislation that can be applied specifically to the content of the decision, apart from the LPPD and Labor Law, it was stated that the Constitutional Court should decide that the applicant’s right to respect for private life, which is guaranteed by the Constitution, is violated due to the lack of legality requirement and the absence of explicit consent.
VIII. CONCLUSION
The aforementioned decision was taken upon the examination of the allegation that the practice of tracking time using fingerprints constitutes a violation of the protection of personal data and privacy of private life. As a result of the evaluation of the sample Council of State decisions, the approach to similar issues in the doctrine and the comments made in accordance with the legislation, in my opinion, monitoring the working hours by taking the fingerprint of the employee goes beyond the employer’s obligations under the Labor Law and contradicts the principle of proportionality. For the reasons listed, there is a violation of the protection of personal data and the right to respect for private life is violated, it is against the law for the institution to monitor the working hours by scanning and recording the fingerprint, which is a biometric data.
BIBLIOGRAPHY
AHMET NOHUTÇU, Türkiye İçin Yeni Anayasa Vizyonu ve Yol Haritası, 1. Baskı, Ankara 2022.
BEKİR GÜRSES, AB ve Türk Hukukunda Kişisel Verilerin Korunması Mevzuat Uyumuna Yönelik Bir Değerlendirme, 1. Baskı, İstanbul 2022.
BURCU ILGIN, Anayasa Yargısı Bireysel Başvuru Yolunda Kişilik Haklarının Korunması, Ankara 2022.
CANAN İMANÇLI, Kişisel Sağlık Verilerinin Korun(a)mamasından Doğan Özel Hukuk Sorumluluğu, 2020. ELİF KÜZECİ, Kişisel Verilerin Korunması, 3. Baskı, Ankara 2019.
FATİH ALKAN, Anayasa Mahkemesi ve Avrupa İnsan hakları Mahkemesi Kararları Bağlamında Özel Hayatın Gizliliğini İhlal Suçu, Yükseklisans Tezi, İstanbul 2019.
MERT ASKER YÜKSEKTEPE, Özel Hayata ve Hayatın Gizli Alanına Karşı Suçlar, 1. Baskı, İstanbul 2021.
MUSTAFA BAYSAL , Kişisel Verilerin Korunması Kanunu El Kitabı, 5. Baskı, Ankara 2022.
SENEM OVALIOĞLU SEYİS, Avrupa Birliği Hukukunda Kişisel Verilerin Korunması, 1. Baskı, Ankara 2022.
SEZGİN TANRIKULU, Anayasa Mahkemesine ve Avrupa İnsan Hakları Mahkemesine Bireysel Başvuru, 1. Baskı, Ankara 2022.
ŞAHİN ÇİL, İş Hukuku Yargıtay İlke Kararları, 9. Baskı, Ankara 2022.
TURAN ATLI, “Kişisel Verilerin Önleyici, Koruyucu ve İstihbari Faaliyetler Amacıyla İşlenmesi” Necmettin Erbakan Üniversitesi Hukuk Fakültesi Dergisi, C. 2 , S. (1), sayfa 4-22, 2019.
YEŞİM TOKGÖZ, İş Hukuku Kapsamında Kişisel Verilerin Korunması (Erişim: 27.10.2022) https://www.erdem-erdem.av.tr/bilgi-bankasi/is-hukuku-kapsaminda-kisisel-verilerin-korunmasi.
YUNUS EMRE YILMAZOĞLU/ İSMAİL EMRAH PERDECİOĞLU/ ÖZCAN ALTAY/ HİLMİ CAN TURAN, Bireysel Başvuruya Dair Sıkça Sorulan Sorular, AYM Yayınları, Ankara 2019 https://www.anayasa.gov.tr/media/5621/ bb_sss.pdf (Erişim : 27.10.2022).
FOOTNOTE
1 Yeşim Tokgöz, “İş Hukuku Kapsamında Kişisel Verilerin Korunması”, Temmuz 2017 https://www. erdem-erdem.av.tr/bilgi-bankasi/ is-hukuku-kapsaminda-kisisel-verilerin-korunmasi (Erişim Tarihi: 27.10.2022).
2 Turan Atlı, “Kişisel Verilerin Önleyici, Koruyucu ve İstihbari Faaliyetler Amacıyla İşlenmesi”, Necmettin Erbakan Üniversitesi Hukuk Fakültesi Dergisi, C. 2, S. 1, 2019, p. 5.
3 6698 sayılı Kişisel Verilerin Korunması Kanunu m. 5 07.04.2016 tarih, 29677 sayılı Resmi Gazete (RG).
4 Canan İmançlı, Kişisel Sağlık Verilerinin Korunamamasından Doğan Özel Hukuk Sorumluluğu, İstanbul 2019, p. 37.
5 Mustafa Baysal, KVKK Kişisel Verilerin Korunması Kanunu El Kitabı, Ankara 2022, p. 170-172.
6 Senem Ovalıoğlu Seyis, Avrupa Birliği Hukukunda Kişisel Verilerin Korunması, Ankara 2022, 86-93.
7 Tokgöz, İş Hukuku Kapsamında Kişisel Verilerin Korunması https:// www.erdem-erdem.av.tr/bilgi-bankasi/ is-hukuku-kapsaminda-kisisel-verilerin-korunmasi (Erişim: 27.10.2022).
8 Şahin Çil, İş Hukuku Yargıtay İlke Kararları, Ankara 2022, p. 1084.
9 Çil, İş Hukuku Yargıtay İlke Kararları Ankara 2022, p. 1586.
10 Çil, İş Hukuku Yargıtay İlke Kararları Ankara 2022, p. 1084.
11 Baysal, KVKK Kişisel Verilerin Korunması Kanunu El Kitabı, Ankara 2022, p. 44-46.
12 Çil, İş Hukuku Yargıtay İlke Kararları, Ankara 2022, 1587.
13 Çil, İş Hukuku Yargıtay İlke Kararları, Ankara 2022, 1085.
14 Burcu Ilgın, Anayasa Yargısı Bireysel Başvuru Yolunda Kişilik Haklarının Korunması, Ankara 2022, p. 117-118.
15 Yunus Emre Yılmazoğlu/ İsmail Emrah Perdecioğlu/ Özcan Altay/ Hilmi Can Turan, Bireysel Başvuruya Dair Sıkça Sorulan Sorular, AYM Yayınları, Ankara 2019, s. 14. https://www. anayasa.gov.tr/media/5621/bb_sss. pdf (Erişim tarihi: 27.10.2022).
16 Sezgin Tanrıkulu, Anayasa Mahkemesine ve Avrupa İnsan Hakları Mahkemesine Bireysel Başvuru, Ankara 2022, p. 53.
17 Ahmet Nohutçu, Türkiye İçin Yeni Anayasa Vizyonu ve Yol Haritası, Ankara 2022, p. 46
