Criminal Acts Which Are Regulated in The Turkish Criminal Code Regarding The Processing of Personal Data
1. Crimes Regulated in the Turkish Criminal Code
a. Generally
1. As explained in detail earlier, nowadays, personal data is processed in digital and analog environments by public institutions and organizations belonging to the state, as well as real and legal persons in the private sector. The close relationship of personal data with a person’s private life, privacy and personal rights, the state’s obligation to protect fundamental rights and freedoms, determining the lawful processing of personal data by the state made it mandatory to regulate the processing of data by illegal methods and actions aimed at violating the right to protection of personal data as a crime in law. Some countries, such as Switzerland, Austria, Germany and the Netherlands, have regulated criminal provisions in their special laws, while some other countries, such as France, have adopted these provisions into their criminal codes. Turkey has included criminal acts in the Turkish Criminal Code and has regulated misdemeanours firstly in the Personal Data Protection Law, then in the Law on the Regulation of Broadcasts via Internet and Prevention of Crimes Committed through Such Broadcasts, the Electronic Communications Law and other relevant laws. With the regulation made in Article 17/2 of the Personal Data Protection Law, those who do not erase or anonymize personal data as contrary to the provision of Article 7 of this Law shall be punished in accordance with Article 138 of the Law No. 5237, referring to the TCC (Turkish Criminal Code).
When the norms that forms a crime related to the protection of personal data in the Turkish Criminal Code are examined, it is observed that some types of crimes directly provide for the protection of personal data, while some types of crimes indirectly provide for the protection of personal data. The crimes of “recording of personal data” , “Unlawful delivery or acquisition of data”, “Destruction of Data” directly ensure the protection of personal data while the crimes of “Violation of Communicational Secrecy” “Tapping and recording of conversations between the individuals” , “Violation of Privacy” , “Disclosure of business secrets, banking secrets or information relating to customers” , “Disclosure of office secrets” with “Access to data processing system”, “Hindrance or destruction of the system, deletion or alteration of data” provide the protection of personal data indirectly. It is observed that the crimes that directly ensure the protection of personal data are regulated under the heading of “Offenses Against Individuals” in the second part of the TCC, in the ninth section entitled “Offenses Against Privacy and Secrecy of Life”. This section also includes the crimes of “Violation of Communicational Secrecy”, “Tapping and recording of conversations between the individuals”, “Violation of Privacy”, which indirectly ensure the protection of personal data.
b. The Crime of Recording of personal data
The crime of recording of personal data is regulated in Article 135 of TCC as: “ (1) Any person who unlawfully records the personal data is punished with imprisonment from one yar to three years. (2) Any person who records the political, philosophical or religious concepts of individuals, or personal information relating to their racial origins, ethical tendencies, health conditions or connections with syndicates, the punishment to be imposed according to the above subsections is increased by one half”
When we look at the regulation, the question of what is the value protected by crime comes to mind. The answer to this question will also form the basis of the right to the protection of personal data. The answer we will give to this question is human dignity, which also includes the possibility of self-realization and development by creating an autonomous and free space of one’s own. The use of this opportunity makes a person valuable, allows us to see a person as a goal rather than a tool. A person reaches the opportunity to develop and realize himself in a free and autonomous space provided to him, in other words, in its personal and private life.
When we look at the text of the article, it is seen that the subject of the crime is personal data, but the definition of personal data is not made in the text of the article. Before the Personal Data Protection Law entered into force on 07.04.2016, it was stated that the fact that the definition of Personal Data was not made in the TCC would create problems, the definition of personal data should be made in accordance with the principle of legality of crimes and punishments, and what personal data is should be stated. It was also stated that the content of the concept of personal data should be determined in the doctrine and practice. General Assembly of Criminal Chambers accepted these two articles as incomplete norms due to the fact that the law on what personal data is has not been legalized and there is no inclusive resource or norm that can be applied regarding the circumstances in which the violation of the law in Articles 135 and 136 of the TCC. In its decision of the same date, the Court of Cassation stated that this framework regulation will be completed when the Personal Data Protection Law is approved by the Parliament, and it should not be considered that all personal data should be protected by criminal norms. According to the Court of Cassation, it will be necessary to understand the basis of the classification of personal data as information that aims and ensures the protection of the confidential area of private life, starting from the general privacy of life. In this context, the Court of Cassation has briefly classified personal data as personal data related to lifestyle, economic and financial personal data, personal data related to the field of information technology, personal data related to health, and political personal data[1]. Before the Personal Data Protection Law entered into force, the Constitutional Court also defines personal data as “the concept of personal data refers to all information about a person, provided that it is specific or identifiable” [2]. After the Personal Data Protection Law entered into force, personal data is defined as “any information relating to an identified or identifiable natural person” in Article 3 of the law.
Regarding the protection of personal data, the regulations for the protection of personal rights available in the Turkish Civil Code and the regulations for the protection of private life available in Article 8 of the ECHR have been insufficient, especially against the rapid cross-border flow of information between countries carried out by developing telecommunication devices, The Convention No. 108 on the Protection of Individuals with regard to Automatic Processing of Personal Data, prepared by the Council of Europe and opened for signature on January 28, 1981, was signed in Turkey together with the members of the Council and approved on 30.01.2016. In Article 2 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data No. 108 “Personal Data means any information relating to an identified or identifiable individual ”. It should also be taken into account that the convention No. 108 is an international convention on fundamental rights and freedoms duly entered into force and is a part of our domestic law. In the justification of Article 135 of the TCC, it is clearly stated that the arrangements in question are carried out in order to fulfill the obligations of the convention No. 108.
In Article 135/2 it is stated that “Any person who records the political, philosophical or religious concepts of individuals, or personal information relating to their racial origins, ethical tendencies, health conditions or connections with syndicates, the punishment to be imposed according to the above subsections is increased by one half” In Article 6 of the Personal Data Protection Law, special categories of personal data are defined as: Personal data relating to the race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, appearance, membership to associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, and the biometric and genetic data are deemed to be special categories of personal data. It is observed that the personal data for which penalties are foreseen to be increased when recorded are specified as special qualified personal data specified in the Personal Data Protection Law. It is stated in Article 6 (entitled as special categories of data ) of the convention No. 108 that; personal data revealing racial origin, political opinions or religious or other beliefs, as well as personal data concerning health or sexual life, may not be processed automatically unless domestic law provides appropriate safeguards, and these are also in the special data category. The broad definition of personal data in terms of criminal law, as mentioned above, has been criticized on the grounds that the scope of the crime is so wide that it may have unforeseen negative consequences in criminal law; lack of a definition of personal data may cause a very broad interpretation of the concept of crime and violate the principle of legality of crime and punishment, for this reason, it has been stated that the personal data that may constitute the subject of the crime in the article should only be personal data that concerns the private life of the person and that the person does not want others to know. [3]
In our opinion when it is considered that the definition of personal data is made in the same way in the contract No. 108 and the KVK Law, limiting personal data as information that aims and provides to protect the confidential area of private life by ignoring the definition made in the law and the contract, will make the concept of personal data unclear, leave a wide discretion to the judge, weaken the importance of the consent of the victim.
In accordance with the definition of the crime, personal data belonging to a real person must be recorded unlawfully. It can be by writing, drawing and marking on things, as well as in the form of recording on digital media. In this context, the crime of recording of personal data will not occur in memorizing personal data. The recording process can also be done with the camera, computer, voice recorder, pen, etc. The act of recording is an executive act, and this crime cannot be committed with a negligent act. In the recording of special qualified personal data in the second paragraph, the crime will fall within the scope of Paragraph 2 only when the special qualified personal data specified in a limited number of articles are recorded. Recording is sufficient for the crime to occur and there is no need for the data to be processed outside the recording. In addition, it is not necessary to provide a benefit or harm by recording, and this crime is a crime of danger. The fact that the action is limited only to recording shows that this crime can be considered incomplete. Because recording is not the only part of the processing action, actions such as collection, etc. are not taken into this arrangement when they should[4]. The offender of this crime can be any person but the victim must be a real person. Because in the definition of personal data, the relevant person or, in other words, the personal data owner has been defined as a real person by law. Since the holders of human rights are real persons, the holders of personal data or related persons are each individual of the human species, that is, real persons.
The crime can only be commite by intent in th terms of mens rea. Since the crime can not be commited with negligence the offender is not responsible from a record by negligence. The court of Cassation decided that the decision of acquittal is lawful in the case concerning the claim of insulting in the session on 17.09.2007. The evidences presented for the case are acquired when the defendant worked in neurological intensive care unit in Aydın Public Hospital as a computer operator under Unit Computing Computer Company, the defendant has accessed the data system of the hospital and recorded the informations between the dates of 27.04.2004-06.09.2004,when the intervener got an appointment from the psychiatry polyclinic, then used the 8 of the hospital application documents like the interveners id informations, which polyclinc did the intervener went, tha name of the doctor, the sequence number as evidence.[5]
Another element of the crime is unlawfulness. The act of recording must have occurred unlawfully. A crime will not occur if another rule of law allows the act of recording. In case of fulfilling a legal provision and the order of the supervisor regulated in the TCC, legitimate self-defense, state of necessity, use of the right and the consent of the person concerned, no punishment will be imposed, since the reasons for compliance with the law in the TCC is present. The existence of consent does not depend on the form in the sense of criminal law. In order for the consent to be valid, the person must be capable of giving consent, the person must have the right to freely decide on it, and a declaration of consent must be made. When personal data is recorded by some ministry personnel with the authority granted by the law without the consent of the relevant person in accordance with their duties, no crime will occur. For example, the records kept by the Directorate General of Civil Registration and the Directorate General For Criminal Records And Statistics of the Ministry of Justice are like this.
In order for the recording process not to constitute a crime, there must be a regulation in the law. Another important point is that, based on the authority given by the law, besides recording, recording should also be made in a proper manner. For example, in the transactions to be carried out within the scope of Articles CMK 132,133 and 134, the procedure provided for in the scope of the relevant article must be followed. In cases where it is necessary for the performance of a contract, the recording of personal data will not constitute a crime.
The sharing of address information for the delivery of goods, the sharing of account information for paying is necessary for the performance of the contract, and often the consent of the parties to the contract is also present. Since the contracts contain a general consent statement, it is useful to evaluate the consent separately in terms of the processing of personal data. In case of recording of personal data in order to protect the life or body integrity of the person concerned or someone else, while the consent of the person concerned is not available, no crime will occur. For example, this is the case when the location information of the kidnapped person is recorded through the phone signal. Within the scope of labor law and social security law, it becomes mandatory to record the personal data of the employee in order to keep the employee’s personal files. In this case, the reason for compliance with the law is realized in terms of fulfilling the legal obligation from the point of view of the employer.
c. Unlawful delivery or acquisition of data
In Article 136 of TCC it is regulated that “Any person who unlawfully delivers data to another person, or publishes or acquires the same through illegal means is punished with imprisonment from two year to four years.”. In the sub-article 2 of the Article 136 it is stated that “ In the event that the subject of the crime is the statements and images recorded in accordance with the fifth and sixth paragraphs of Article 236 of the Criminal Procedure Law, penalty to be imposed shall be increased by one fold.”. In short, with this regulation, this crime will occur if the actions that fall within the scope of the processing of personal data, delivers data to another person, or publishes or acquires are carried out unlawfully. In other words, a limited number of actions within the scope of the processing of personal data are regulated as a crime if they are performed unlawfully with this article. In the case of acquisition, delivery and publishment of the investigation statements and images of the victims of sexual abuse and the victims of child molestation crime specified in the five and sixth paragraphs of the CMK article 236, the penalty to be imposed will be increased by one fold.
There is a incoordination between the article and the title of the article. First of all, while personal data is mentioned in the article text, only the word “data” was used instead of “personal data“ in the title; while the delivery of data in the article was also regulated as a crime, the delivery act was not regulated in the article title.[6]
The legal value protected in this crime is the same as the crime of recording personal data regulated in TCK 135. The value protected in this crime is the protection of a person’s private life, which also includes the possibility of self-realization and development by creating an autonomous and free space of one’s own, and the protection of human dignity in this context. By respecting a person’s private life, creating a free autonomy, allowing a person to realize himself, and preventing a person from being seen as a tool ensures the protection of a person’s dignity.
The subject of the crime is personal data, and the issue of what personal data may be will not be explained again here, as it was explained above. The crime in question includes selective acts. Whether one or more of the acts of acquiring, delivering to someone else or publishing occur at once, a single crime will occur. The act of delivering is an action that takes place between two people. The act of publishing is to announce it to many people. Delivering and publishing actions require the transfer of personal data. Publishing, as a rule, can also include delivering. Delivering and publishing actions can be done through mass media, as well as without using a direct tool. There is no need for personal data to have been illegally acquired for delivering and publishing actions. If those who hold personal data in accordance with the law deliver or punlish personal data unlawfully, this crime will occur.
The act of acquiring personal data is to obtain personal data belonging to someone else, to take it under your own . Acquiring may be physical, as well as from the digital environment via the Internet. The acts of delivering, publishing and acquiring are actions to be performed. The crime will be completed when the delivering, publishing and acquiring actions occurs unlawfully. There is no need for harm. The crime in question is a crime that can be committed with the general intention and cannot be committed by negligence. A crime will occur if personal data is acquired, delivered and published knowingly and willingly in a way that is contrary to the law. The mens rea of the offender is not important.
In order for a crime to occur, the actions of acquiring and publising must be unlawful. The principles for the processing of personal data are set out in the Personal Data Protection Law No. 6698. The acts of acquiring, delivering and publishing of personal data are in the scope of the processing of personal data, and the issue of when these acts will be unlawful is regulated in the Personal Data Protection Law. In Article 5 of the Law, it is regulated that personal data shall not be processed without explicit consent of the data subject. The situations in which personal data can be processed without explicit consent are determined by counting method in the same article. Consent must be an explicit consent. The issue of what should be understood from explicit consent has been explained above [7]. At the time when personal data are obtained, the data controller or the person authorised by it is obliged to inform the data subjects about the following: the identity of the data controller and of its representative, if any, ;the purpose of processing of personal data;to whom and for which purposes the processed personal data may be transferred; the method and legal basis of collection of personal data After the said information is made, explicit consent will be obtained, then personal data will be obtained and personal data can be processed within the limits specified within the scope of the information.
The situations in which personal data can be processed when there is no explicit consent in the Protection of Personal Data Law are determined in Article 5 of the Law. These situations are: being expressly provided for by the laws; necessity for the protection of life or physical integrity of the person himself/herself or of any other person, who is unable to explain his/her consent due to the physical disability or whose consent is not deemed legally valid ; processing of personal data of the parties of a contract is necessary, provided that it is directly related to the establishment or performance of the contract; necessity for compliance with a legal obligation to which the data controller is subject; personal data have been made public by the data subject himself/herself; data processing being necessary for the establishment, exercise or protection of any right; processing of data being necessary for the legitimate interests pursued by the data controller, provided that this processing shall not violate the fundamental rights and freedoms of the data subject. Apart from these situations, there are regulations on the reasons that eliminate or reduce the criminal responsibility applicable to all crimes in the TCC as:Mandatory Provision and Order of the Supervisor (TCK 24), Self Defense and State of Necessity (TCK 25) , Use of a right and consent of the concerned body (TCK26).
The case of provision of the law is fulfilled or that this issue is clearly written in the law comes in advance of the situations where personal data can be acquired, delivered to others and published without explicit consent. Because of the impossibility of performance regulated in Article 5 of the Personal Data Protection Law, the regulation that allows the acquisition, delivery and publication of personal data without explicit consent to be mandatory for the protection of the life or bodily integrity of a person who cannot disclose his consent or whose consent is not legally valid, corresponds with the state of necessity regulated in Article 25 of the TCC. The crime is a attempt to accomplish offense. In addition, any kind of participation in this crime is possible.
ç. Qualified forms of offense
In Article 137 of TCC the qualified forms of offenses are regulated: In case of commission of the offenses defined in above articles; a) By a public officer or due influence based on public office, b) By exploiting the advantages of a performed profession and art, the punishment is increased by one half. If a qualified state will not occur when the crime is committed by a public official, the authority given by the duty will be abused, the crime will be committed by using it, in other words, the public official will have to have committed the crime in question in relation to a matter in which he has authority. Public Officer is defined as “Any person selected or appointed to carry out public duty for a temporary or permanent period.” in Article 6 of TCC. As such, the qualified form of the crime in question is the specially regulated form of the misconduct in office regulated in Article 257 of the TCC. Another qualified condition is that the crime is committed by exploiting the advantages of a performed profession and art. For example, a doctor who works as a freelancer gives his patient’s personal data, a computer repairman acquires personal data and shares it with others can be cited as an example. The qualified form mentioned above is also valid within the crime of recording personal data regulated under Article 135 of the TCC.
d. The Crime of Failure to Destruction of Data
The crime of failure to destruction of data is regulated in Article 138 of the law entitled as “Destruction of Data”: In case of failure to destroy the data within a defined system despite expiry of legally prescribed period, the persons responsible from this failure is sentenced to imprisonment from one year to two year. In the event that the subject of the crime is data that must be erased destroyed according to the provisions of the Criminal Procedure Law, the penalty to be imposed is increased by one fold.
Even if personal data is collected in accordance with the law, this does not mean that they can be stored or retained for a indefinite period of time. They are can not to process personal data indefinitely. Personal data processed with the consent obtained at the beginning or for other reasons of compliance with the law will not be stored indefinitely. In the justification of Article 138 of the TCC it was stated that the failure to destroy the personal data recorded in accordance with the law, despite the fact that the periods determined by the law have elapsed, has been defined as a substantive felony.
In Article 7 of the Personal Data Protection Law “Despite being processed in compliance with the provisions of this Law and other relevant laws, personal data shall be erased, destructed or anonymized by the datacontroller, ex officio or on the request of the data subject, in the event that the reasons for the processing no longer exist…Procedures and principles for the erasure, destruction or anonymization of personal data shall be laid down through by-law.” By-law About Personal Data Being Erased, Destructed or Anonymized is published on 28.10.2017. In Article 17 of the Personal Data Protection Law it is regulated that “Those who do not erase or anonymize personal data as contrary to the provision of Article 7 of this Law shall be punished in accordance with Article 138 of the Law No. 5237.” Failure to destruction of data is regulated as a crime in Article 138. Instead of destruction the Personal Data Protection Law also used the terms like erasing and anonymizing; and in Article 17 it is regulated that “those who do not erase or anonymize personal data as contrary to the provision of Article 7 of this Law shall be punished in accordance with Article 138 of the Law No. 5237.” Anonymization is regulated as “Rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data” in Personal Data Protection Law. In the 4th Article of By-law About Personal Data Being Erased, Destructed or Anonymized; erasing, destruction or anonymizing of personal data is defined as destruction.
In Article 20 of the Constitution it is stated that everyone has the right to demand respect for his/her private and family life, and This right includes being informed of, having access to and requesting the correction and deletion of his/ her personal data, and to be informed whether these are used in consistency with envisaged objectives. Relevant person can request the data to be deleted. İlgili kişi kendisiyle ilgili kişisel verilerin silinmesini talep edebilecektir. Also Article 11 of the Personal Data Protection Law regulates that the relevant person has the right to to request the erasure or destruction of his/her personal data.
The value protected in the crime is the human dignity as discussed above with the possibility of self-realization and development by creating an autonomous and free space of one’s own. Offender of this crime is the is the officials who are obligated to destroy the data. These officials may be public officials, as well as other real persons
In order for the crime to occur, the real person who is obligated to erase, destruct and anonymize the personal data did not fulfill his/her duty when the legal reason requiring the processing of the personal data that was initially processed or being processed in accordance with the law disappears or upon the request of the person concerned. The destruction of personal data is the process of making personal data inaccessible, unrecoverable and unusable by anyone in any way.
The TCC does not contain any regulation on how long the personal data will be processed and by which procedure it will be destroyed. It is regulated that the periods regarding how long the personal data will be kept will be determined in the relevant laws. When a period is not determined in the laws, or when the period is determined by a by-law or administrative procedure, or when there is no such regulation, the issue of whether a crime will occur becomes important. The crime is a crime that can be committed by a negligent action. As is generally accepted in these type of, an attempt is not possible. The victim is a real person whose privacy has been violated by not erasing personal data. The subject of the crime is personal data, the details of which are described above. The fact that personal data is kept in an information system or a physical filing system does not matter from a criminal point of view. A crime is a crime that shall be committed by intention, a special intent(mens rea). Any kind of participation in the crime is possible. The crime is not bound to a complaint.
e. Crime of Violation of Communicational Secrecy
In Article 132 of TCC it s regulated that: “ (1) Any person who violates secrecy of communication between the parties is punished with imprisonment from one year to three years, or imposed punitive fine. If violation of secrecy is realized by recording of contents of communication, penalty to be imposed shall be increased by one fold. (2) Any person who unlawfully publicizes the contents of communication between the persons is punished with imprisonment from two year to five years. (3) Any person who openly discloses the content of the communication between himself and others without obtaining their consent, is punished with imprisonment from one year to three years; the punishment determined for this offense is the same in case of disclosure of contents of communication between the individuals through press and broadcast.”. The basis of the crime of Violation of Communicational Secrecy is based on the right to “privacy of private life” regulated in Article 20 of our Constitution and the “freedom of communication” regulated in Article 22. In Article 22 of our Constitution it is stated that “Everyone has the freedom of communication. “
According to the Court of Cassation, “Two or more people that can be determined, acting with a legimitate belief and intention, with paying attention to the protection of privacy, reading or listening the information, thoughts, feelings and attitudes they share by suitable tools (Internet, telephone, radio, fax, letter, Telegram, etc.) and common symbols (word, writing, sign, etc.); the act of being learned by another person or persons, whether related to private life or not, by making a special effort, directly or indirectly (as in a letter held to the light without opening the envelope), by reading or listening, will form the crime regulated in Article 132/1-1. “the act of recording the communication contents of others, that is, fixing common symbols such as writing, sound, images, special signs, by moving them onto another object (for example, by moving the sound or image onto a magnetic tape, passing the writing onto another paper, notebook, etc. object, making a copy, transferring an electronic message to a portable memory or CD, etc.)” will form the matter of aggravation of the second sentence of 132/1. “the act of disclosing the communication contents of others without the consent of the person or persons concerned, that is; dissemination, disclosure, announcement to the public, in summary; the act of presenting its contents to the information of a person or persons who are not authorized to learn” will form the crime regulated in Article 132/2. Court of Cassation stated that “an act of disclosing the content of a communication made with a person in a public environment that is not specific and has the possibility of being perceived by more than one person, without the consent of the person concerned or those concerned, will be considered within the scope of the crime of violating the confidentiality of communication defined in Articles 132/3.”[8].
It is contained in the 4th paragraph of the article as “The punishment determined for this offense is increased by one half in case of disclosure of contents of communication between the individuals through press and broadcast.” and it is repealed by Article 79 of the Law No. 6352, which entered into force through publication in the Official Gazette dated 05.07.2012, Amending Some Laws in Order to Activate Judicial Services and Postponing Trials and Sentences for Crimes Committed through Press Publication. Instead, the sentence is added to Paragraph 132/3 “The same penalty is imposed if these disclosed data are published through the press and publication.”
Communication is defined as the communication between two people that is private because people do not share it with others, not directly, but through an instrument. In order for the crime to occur it does not matter by what means it is made like telephone, telegram, electronic mail, letter, etc. The crime regulated in paragraphs 132/1 and 2 may be committed by a person who is not a party to this communication. As stated in the justification of the law, Violation of Communicational Secrecy only by listening or reading constitutes the basic form of this crime. However, this violation of privacy is defined as a qualified form of this crime by recording the content of communication, that is, what is spoken or written. For example, if telephone conversations are recorded with a voice recorder, this qualified version of the crime takes place. The element of unlawfulness of the crime is that the material element is carried out without relying on the authority given by the law; the act will not constitute a crime if it is used by the authorized person in compliance with the procedures and conditions of the authority given by the law and even if the law allows it. The crime in question is a complaint-related crime.
The crime regulated in paragraph 132/2 of the Turkish Criminal Code will consist of the disclosure and dissemination of the contents of communication, that is, ensuring that unauthorized persons learn about it. The point that should be emphasized here is that disclosure should be illegal. In this regard, for example, if recordings of telephone conversations between people are provided for listened to or read openly at the trial in the prosecutor’s office or court, the crime in question will not occur. On the contrary, while still at the investigation stage, this crime will occur if the content of conversations between people is published on television or newspapers, even if they are recorded in accordance with Decency, for example.
The offender of the crime regulated in Paragraph 132/3 of the Turkish Criminal Code is one of the parties to the communication. A crime will occur when a person publicly discloses the content of communications made with him without the consent of the other party. In order for this crime to occur, disclosure must be made publicly. In this regard, for example, if a person reads a letter sent to him to someone else without the knowledge and consent of the sender, this crime will not occur. On the other hand, if the letter is read publicly without the knowledge and consent of the sender, hung somewhere to ensure that it is read by others, or published through the press and publication, the crime in question will occur. The Court of Cassation accepts disclosure as “disclosure to be shared in a public environment where it is possible to be perceived by more than one person in order for disclosure to take place.” The Court of Cassation ruled that “since the defendant did not disclose the communication content to which he was a party in a public environment that was not specific and could be perceived by more than one person in the act of sending the communication content subject to the complaint to the electronic mail address of the witness, the legal elements of the crime of violating the secrecy of communication regulated in Article 132/3 of the Turkish Criminal Code did not occur”. [9]
The General Assembly of Criminal Chambers has decided that recording a person’s communication with others about a crime committed against him will not constitute a crime and will be accepted as legal evidence in cases where no other evidence can be obtained. The decision stated that “in relation to a crime committed against the person himself, the audio recording submitted by the participant was recorded illegally without the knowledge and consent of the defendants, although it was not accepted as legal evidence; regarding a crime committed against a person, it is mandatory to accept that it is in accordance with the law to record conversations with the other party in sudden situations, such as when there is no possibility to obtain evidence and apply to the competent authorities again.” [10]
In particular, in divorce cases, the Court of Cassation does not accept it as a crime under certain conditions for one of the spouses to record the communication that the other makes with others and submit it to the court. The Court of Cassation decided that “recording a communication and submit the CD which contains this record as evidence to file a lawsuit pending actions in the given format, the crimes regulated in TCC can occur but it is understood that he/she did not act with the consciousness that he/she acted unlawfully. The defendant did not put forward a claim relating to the defendant in the divorce proceedings with the aim of proving its claim in action, it can not be claimed that the defendant shared the details of the communication the third person or persons and/or duplicated and distributed so and there was no injustice in deciding to acquit the accused.”
It should be evaluated to be commited such as; in the case of the communication informations contains personal data by the seizure of reading, listening, the crime regulated in Article 136 of TCC as Unlawful delivery or acquisition of data Reading; in the cases of the recorded data contains of personal data, the crime regulated in Article 135 of TCC as The Crime of Recording of personal data and when recorded communication contains personal data, the crime of Unlawful delivery or acquisition of data regulated in Article 136 of TCC. If the person who causes the formation of more than one different crime with an act he/she commits, he/she must be punished for the crime requiring the most severe punishment; which is regulated in Article 44 of the Turkish Penal Code with the title “conceptual aggregation”.
f. Crime of Tapping and recording of conversations between the individuals
Tapping and recording of conversations between the individuals is regulated in Article 133 of TCC as: “(1) Any person who listens non general conversations between the individuals without the consent of any one of the parties or records these conversations by use of a recorder, is punished with imprisonment from two years to five years. (2) Any person who records a conversation in a meeting not open to public without the consent of the participants by use of recorder, is punished with imprisonment from six months to two years, or imposed punitive fine. (3) Any person who derives benefit from disclosure of information obtained unlawfully as declared above, or allowing others to obtain information in this manner, is punished with imprisonment from two years to five years, or imposed punitive fine up to four thousand days. The same punishment occurs if this information is published via press and publication organs.”. In the justification of the text of the article, the main condition for the occurrence of a crime contained in the article is that the conversation should be private, not public, listening and recording a conversation made publicly on a microphone held to the mouth will not constitute a crime. If the powers recognized by the law for official officials in terms of investigating crimes and tracking criminals are used in accordance with the law, the crime will not occur.[11]
A non-public conversation or interview is a conversation or interview that is not shared with third parties that are not wanted to be known to everyone, that does not need to be known [12]. Listening to or recording conversations that are not public, as well as recording a non-public conversation that is attended with a voice retrieval device without the consent of other persons participating in the conversation, actions or the act of disclosing recorded conversations are regulated as a crime with the article. The conversations covered by the article are not by phone, etc. They are not conversations to be held through communication tools, but rather non-public conversations or interviews conducted face-to-face. Video calls made over the Internet will not be covered by this article.
In the decision of the General Assembly of Criminal Chambers, the court accepted the evidence related to the crime as unlawful evidence because the conversations were not listened and recorded in accordance with the conditions set out in the Code of Criminal Procedures. In the decision it is stated that “in the case, the participant recorded the telephone and media conversations of the defendants of the crime of “Securing a Benefit for a Task outside the Scope of Authority” defined in Article 255 of the Turkish Penal Code No. 5237 for more than 5 months. These records are “evidence obtained unlawfully”, both because the crime attributed to the defendants is not one of the catalog crimes specified in Articles 135 and 140 of the Criminal Code, and because they are not based on the decision of a judge or public prosecutor.” [13]
The Court of Cassation has decided that this crime will not occur if the face-to-face conversations are recorded and given to the investigating authorities as evidence within the scope of a judicial and administrative investigation. The 12. Criminal Chamber of the Court of Cassation stated that “the defendant recorded the conversations that he/she made with the attendees face to face and gave this CD which contains the recordings of the communication as evidence in the investigation. To record the conversations between the people can be counted as a crime in Article 133, but it can not be claimed that the defendant shared the details of the communication the third person or persons and/or duplicated and distributed. It is understood that he/she did not act with the consciousness that he acted unlawfully with the aim of proving its claim in action so the there was no injustice in deciding to acquit the accused.”[14]
in the event that a non-public conversation or conversation that is listened to, recorded or illegally disclosed contains personal data, the crime should also be evaluated in terms of the elements of “recording personal data”, “giving or seizing data illegally” and the person who causes the occurrence of more than one different crime with an act committed should be punished for the crime that requires the most severe punishment, which is found in the article entitled “conceptual aggregation” in Article 44 of the Turkish Criminal Code.”
g. Crime of Violation of Privacy
Violation of Privacy is regulated in Article 134 of the TCC as: “(1) Any person who violates the privacy of another person’s personal life shall be sentenced to a penalty of imprisonment for a term of one to three years. Where the violation of privacy occurs as a result of recording images or sound, the penalty to be imposed shall be increased by one fold. (2) Any person who unlawfully discloses the images or sounds of another person’s private life shall be sentenced to a penalty of imprisonment fro a term of two to five years. Where the offence is committed through the press or broadcasting, the penalty shall be the same.”
Article 134 of the TCC has been amended by Article 81 of the Law No. 6352, which was adopted on 02.07.2012 and published in the Official gazette dated 05.07.2012 and numbered 28344. The reason for the amendement was the increase in attacks against people’s private lives, especially in the digital environment, and the need to provide deterrence. The six-month to two-year prison sentence or judicial fine provided for in the text of paragraph 1 of the Article and for the basic form of the crime has been changed to one to three years in the form of imprisonment. In the same paragraph, the prison sentence provided for the qualified state of the crime covering the violation of private life by recording images and sounds has been amended in such a way that the lower limit of the penalty cannot be less than one year, while the penalty to be imposed is increased by one fold. While the penalty to be given to anyone who discloses images or sounds related to the private life of individuals is “imprisonment from one to three years”, this penalty has been amended to “imprisonment from two to five years” with the amendment made. If the crime is violated through press publication, the regulation stating that “the penalty will be increased by half” has been amended and it has been stated that “the same penalty will be imposed” if the crime is committed through press publication.
The right to privacy of private life is regulated in Article 20 of the Constitution. In accordance with this regulation, the state has the obligation to prevent arbitrary interference with the private lives of individuals, effectively protect and respect the right to respect for private life. Looking at the text of the article, it is seen that the purpose of the regulation is to protect the privacy of private life. As can be understood from the content of the article, any kind of action that does not respect the privacy of the private lives of real people is considered a crime. If the act that violates the privacy of private life is commited with the image and sound recording, the of qualified form of the crime will occur and the punishment will be increased by one fold. In the event that the unlawful disclosure of audio and images related to private life is carried out through the press and publication, the penalty is also determined by increasing.
The actions covered by the article are not a limited number of actions. A crime will occur when information that should remain confidential in a person’s private life is learned without consent. In this context, if it is determined what the boundaries of the private life of individuals are, it will also be determined which types of actions will constitute this crime. In accordance with the principle of legality of crime and punishment contained in Article 38 of our Constitution, Article 2 of the TCC emphasizes which actions are considered crimes and the punishment to be imposed for these actions should be shown in the law in a way that leaves no room for doubt. In Article 2 of the Constitution, the principle of clarity and definiteness, which is one of the basic principles of the rule of law, is regulated. According to this principle, it is regulated that legal regulations should be clear, unambiguous, understandable and applicable in a way that does not give room for hesitation and doubt. The principle of clarity and definiteness is connected with legal security, only in this way can a person see his obligations and determine his behavior. In this context, determining the boundaries of private life is important in terms of this crime.
The approach of the Constitutional Court regarding private life is that private life is a broad concept and it is quite difficult to make an inclusive definition of this concept.[15]. In a decision to the court regarding private life, “The concept of private life is a broad concept that does not have a complete definition. The legal value protected in this context is essentially personal independence, and this protection indicates that, on the one hand, everyone has the right to live in a private environment away from all unwanted interventions. On the other hand, it is clear that the concept of private life cannot be demoted to the concept of maintaining everyone’s personal life in the way they want and keeping the outside world separate from this circle.”[16] In a different decision, the Constitutional Court stated, “One of the legal interests protected within the scope of the right to respect for private life is the right to privacy of an individual. However, the right to privacy does not only consist of the right to be left alone, but also includes the legal interest of the individual to control the information about himself.
An individual has an interest in not disclosing any information about him without his consent, not spreading it, not being able to access this information by others and not being able to use it with his consent, in short, this information remains private. This aspect points to the right of an individual to determine the future of information about himself. In addition, the right to privacy applies to many different situations such as name, image, reputation, family information, sexual identity, health, confidentiality of communication. In this context, information about the ethnic or sectarian origins of persons should also be evaluated within the scope of the right to privacy within the right to respect for private life.” [17] In their most often cited in decision 2013/9660, the boundaries of private life “private life, primarily individuals that can enter into the most intimate relations with other people develop their own individuality and is pointing to a conceptual and physical space. This area of privacy covers a private area in which the State cannot interfere or intervene minimally for legitimate purposes. The place of an individual’s right to privacy is, as a rule, private space. However, the right to the protection of private life may also extend to the public sphere in some cases. Because the concept of legitimate expectation makes it possible to protect the privacy of individuals in the public sphere under certain conditions.”
The Court of Cassation decisions about private rights states that “private life; not only that they do not share with others away from a person’s eyes, behind closed doors between the space and privacy, it is something that not everyone knows, or should know, that can be explained to other people when requested, completely contains a complete set of life events and personal information. Therefore, being in a public place does not mean that consent is given to listening, monitoring, recording, continuous and unauthorized possession of every image or sound in this area. Even when it was made in a public place, “the principle of not getting attention in a crowd, not being recognised” is valid The person in the public domain where they go, who they go to, why, how, where and when they meet, in order to determine issues such as information obtained as a result of constant supervision and surveillance, or activities that they do not want to be seen and known by others, when they enter the private life area, there is no doubt that events and information that do not contain continuity and are not included in the private life area cannot be evaluated within the scope of the concept of private life; however, events and information that do not contain continuity and are not included in the private life area cannot be evaluated within this scope.
As a result, in determining whether an event or information fell within the scope of private life and society within one’s location, occupation, task, is not recognized by the public, outward behavior, consent and projections, the characteristics of the physical environment in which it resides, social relationships, should be taken into consideration criteria such as the degree of intervention.”[18] The Court of Cassaion has ruled that the right to privacy of private life will not completely disappear with marriage, and that the parties who are married and share the same environment cannot monitor and supervise each other indefinitely.
Another important issue related to the issue is the assessment of which crime will occur when the data obtained within the scope of private life are also considered as personal data. The Court of Cassation makes a distinction between personal data and the ancestor of private life. It has decided that the action of the accused, who disseminated the photograph of the victim taken because of the pose he had given at the wedding to others, should be considered within the scope of the crime of illegally giving or seizing data, and the image will not be considered as an image related to private life.[19]. The Court of Cassation stated that “the Facebook photos posted on the site of two people living together with the consent of the victim, then despite the lack of consent of the victim to continue to publish, cannot be regarded as images of that would violate the privacy of private life, but it can form the crime regulated in TCC 136/1”[20]. In another decision, the Court of Cassation, “a picture of the victim in the nature of the personal data, the fake Facebook account issued through the article and paragraph of the defendant’s actions unlawful possession of data as defined in TCC 136/1 would constitute the crime of the issuance or would create the crime of article and paragraph 134/2 held in breach of privacy”.[21]
The Court of Cassation in a case of the act of recording and storing the nude photos and sexual intercourse in their phone with an underage victim,under the age of 15 to be exact, stated that “since the existence of the consent of a child who has not completed the age of 15 cannot be considered as a consent and compliance reason, it constitutes the crime of recording data in violation of the law. Also even if the obscene images are considered within the scope of violation of the privacy of private life, the act constitutes the crime of using children in the production of products containing obscene images, writings or words regulated in paragraph 226/3 of the Turkish Criminal Code, which makes more severe punishment necessary within the scope of conceptual aggregation in Article 44.Code”[22].
Actions like; Surveillance of someone’s home, learning the contents of the employee’s personal computer at work, mixing up private documents, etc. may fall within the scope of this crime. In the commission of a crime by recording audio and images related to private life, information about private life is slightly more restricted, but in the case of recording this information, the penalty is increased. The mentioned audio and video are also included in the scope of personal data. However, if the content of personal data belongs to private life, first of all, the crime of violation of the privacy of private life under Article 134 should be taken into account. The crime in question is subject to a complaint.
h. Disclosure of Confidential Documents or Information Relating to Commerce, Banking or Private Customers
In Article 239 of TCC Disclosure of Confidential Documents or Information Relating to Commerce, Banking or Private Customers “(1) Any person who discloses confidential information, or documents, relating to commerce, banking or private customers, which he holds by virtue of his title, duty, profession or trade, to an unauthorized person shall be subject to a penalty of imprisonment for a term of one to three years and a judicial fine up to five thousand days, upon complaint. Where such information or documents are disclosed to an unauthorized individual by a person who unlawfully acquired such information or documents, such person shall be subject to a penalty in accordance with this paragraph. (2) Paragraph 1 shall apply to information relating to scientific invention and discovery, and the industrial implementation of such. (3) Where such confidential information is disclosed to a non-citizen (who is not resident in Turkey) or his staff, the penalty shall be increased by one third. In such case, no complaint is required (4) Any person who, by using force or threats, compels another to disclose the information or documents within the scope of this article shall be subject to a penalty of imprisonment for a term of three to seven years.”
The regulation in question is regulated under the heading of ”Offences Against the Economy, Industry and Trade”. In this context, it is seen that the value protected in the crime is essentially trade secrets, banking secrets or customer secrets. In the justification of the law, it was stated that the value protected in crime is scientific and industrial secrets, and thus trust will be protected in professional fields. The secrets belonging to the state and the secrets protected in Article 258 of the Turkish Criminal Code related to civil service are not included in the scope of the secrets here. Commercial banking and customer secrets belonging to legal entities are also included in the secrets covered by the article. It should not be forgotten here that personal data are data related to real people, considering that all kinds of commercial, banking and customer secrets will not be included in the scope of personal data, it is seen that data related to real people can be evaluated within the scope of this article.
In order for the crime to occur, first of all, the offender must have access to information about trade secrets, banking secrets or customer secrets by virtue of his adjective or duty or profession or art. However, apart from this, a crime will be committed if the secrets in question are given or disclosed to unauthorized persons by persons who obtain them by illegal means. In order for a crime to occur, the information learned must be given or disclosed to unauthorized persons. The Article prohibits persons from disclosing trade secrets, banking secrets or customer secrets that they have learned under certain conditions and obliges these persons to keep secrets. The crime consists in the violation of the obligation to keep secrets in question. In cases where the perpetrator makes a statement knowing that what he is disclosing is a secret and that he should keep it secret, a crime will occur.
The form of the crime regulated in the first paragraph is subject to a complaint. If the secrets are related to scientific discoveries and inventions or commercial applications, if the secrets are disclosed to a foreigner or his officer who does not live in Turkey, the crime will not be subject to a complaint and will be prosecuted ex officio. In case of disclosure of secrets to a foreigner who does not live in Turkey, the penalty will be increased.
i. Disclosure of Confidential Information in Respect of a Duty
Disclosure of Confidential Information in Respect of a Duty is regulated in Article 258 of TCC as “(1) Any public officer who publishes or discloses any confidential document, decision, order or other official notification under his control, or within his knowledge, by virtue of his office, or who facilitates, by any means, the access to such information by another shall be sentenced to a penalty of imprisonment for a term of one to four years. (2) The same penalty shall be applicable where a public officer commits such an offence after the expiry of his status as a public officer.”
The crime in question is regulated under the title of Offences Against the Reliability and Functioning of the Public Administration in the TCC. We assess that the purpose of regulating this crime is to ensure the reliability of public administration, unlike the protection of personal data. Within the scope of this crime, it should be evaluated whether this crime will occur if there are personal data in the document decisions and orders that should remain confidential disclosed and disclosed by the officer. Looking at the justification of the article of the law, as explained in the justification, the crime in question is formed as a result of the disclosure of documents, decisions, orders and other notifications that the officer has learned due to his official duties and should remain confidential.
The material element of the crime is to disclose, publish or by any means facilitate the acquisition of information by someone else about matters that should remain confidential. The offender of the crime is an officer. The crime can also be committed if the officer’s duty ends later for reasons such as retirement or withdrawal because the law has imposed on the officer the obligation to keep secret decisions, orders and notifications that should remain confidential. Documents that should remain confidential information, orders and decisions should be determined by law. When evaluating whether this crime will occur if the officer discloses the personal data he has learned in accordance with his duty, the crime of Illegally Obtaining or Giving Data in Article 136 of the TCC should also be taken into account in terms of its elements.
The scope of the secrets related to the mission will be able to include personal data according to the nature of the event. In this direction, it should not be ignored that the documents, decisions, orders and notifications for the execution of the task within the scope of the secret may also contain personal data. When the content of the secrets disclosed by the officer is personal data, it would be correct to make an assessment in terms of the crime of giving personal data regulated in Article 136 of the Turkish Criminal Code, which is regulated as a more specific norm in this regard. If the crime is committed by an officer within the scope of the qualified situations available in Article 137 of the Turkish Criminal Code, the penalty will be increased.
j. Accessing a Data Processing System
In Article 243 of TCC “(1) Any person who unlawfully accesses, partially or fully, a data processing system, or remains within such system, shall be subject to a penalty of imprisonment for a term of up to one year or a judicial fine. (2) Where the act defined in the aforementioned paragraph is committed in relation to a system which is only accessible upon the payment of a fee, then the penalty to be imposed shall be decreased by up to one half. (3) Where any data within any such system is deleted or altered as a result of this act, then the penalty to be imposed shall be a term of imprisonment of six months to two years. (4) To transfer data between systems within a system or computing system without entering the technical means contrary to law shall be punished with imprisonment from one year to three years for a person who follows.
The crime in question is organized under the subtitle “Accessing a Data Processing System
” in the tenth section under the heading “Offences Related to Data Processing Systems” in the “Third Part” of the TCC. In the justification of the law, it is stated that the concept of “information field” refers to magnetic systems that provide the possibility of collecting and placing data and subjecting them to automatic operations, and the concept of information system refers to the system that automatically processes information. In the first paragraph of the article, no matter for what purpose, this crime will occur if a part or all of the information system is illegally entered or remains there after being entered. It does not matter whether the person who entered the system illegally acted with the aim of obtaining certain data or obtained them. The fact that it has been entered into the system unfairly and deliberately is enough for a crime to occur. The subjective elements of the crime is the general intent. If the data is destroyed or changed after entering the information system, the penalty will be increased. The act of obtaining data by technical means without entering the information system is also regulated as a crime within the scope of the same article.
Systems that can be used for a fee, for example, electronic libraries, archives, etc. it is stipulated that if the fee is entered without paying, the penalty will be reduced. Using someone else’s password and user name, entering the UYAP system without the user’s consent will constitute this crime. [23] Someone else’s electronic mail addresses, social networking accounts, to be entered for a Facebook account, especially computing system via spy software programs or e-mail addresses and social networking accounts to be entered in the accounts in question are entered in the account after changing the password for the company over the computer by entering the collection of information from unauthorized sections shall constitute the crime in question. Establishing an internet connection over someone else’s wireless line will not constitute this crime, but the crime of Benefiting Without Payment regulated in Article 163 of the Turkish Criminal Code.
The beginning of information crimes starts with entering the system first. Computer hacking, code-breaking actions performed with the terms are such actions. After unauthorized entry into the information system, different crimes are also committed. Sometimes the violation of the privacy of private life is committed, sometimes the unlawful seizure of personal data, and sometimes the violation of the confidentiality of communication is committed after the crimes.
The crime in question can take place in the form of physically entering an existing computer, or it can also take place in the form of entering via a network, bluetooth or infrared light. In order for the crime to occur, it is accepted that the crime in question will not occur when it is entered into the information system and immediately exited. Similarly, it is stated that this crime will not occur if the information system entered in accordance with the law should be exited while it is not exited.
k. Preventing the Functioning of a System and Deletion, Alteration or Corrupting of Data
In Article 244 of TCC “(1) Any person who prevents the functioning of a data processing system or renders such useless shall be subject to a penalty of imprisonment for a term of one to five years. (2) Any person who deletes, alters, corrupts or bars access to data, or introduces data into a system or sends existing data to another place shall be subject to a penalty of imprisonment for a term of six months to three years. (3) Where this offence is committed in relation to a data processing system of a public institution or establishment, bank or institution of credit, then the penalty to be imposed shall be increased by one half. (4) Where a person obtains an unjust benefit for himself or another by committing the acts defined in the aforementioned paragraphs, and such acts do not constitute a separate offence, he shall be subject to a penalty of imprisonment from two years to six years and a judicial fine of up to five thousand days.”
As stated in the justification of the law, crimes committed against information systems and actions that cause damage to information systems are punished with this type of crime. In the crime specified in the first paragraph of the article, the actions taken against the physical existence of the information tool and all kinds of actions aimed at preventing and disrupting the functioning of the information system are included. In the second paragraph of the article, the intentional insertion of data into the information system or the destruction or modification of data, making the system inaccessible to the data in the system, has been made an existing crime. In the third paragraph of the article, it is regulated that if the actions covered by paragraphs one and two are committed against the information system of a bank, credit institution or public institution and organization, the penalty will be increased by half. In the fourth paragraph of the article, it is regulated that if the offender enters the information system in order to gain an unfair interest for himself or someone else, the penalty will be increased and a judicial fine will also be imposed. The words “an unfair interest” mentioned in the paragraph express material benefits. However, in order for the penalty to be imposed in accordance with the provision of this paragraph, the act must not constitute another crime requiring a more severe penalty.
In the General Assembly of Criminal Chambers decision No. 2007/136 E and 2007/150 K, the word “informatics” is more comprehensive than the word “computer” in computer and informatics. Computer (Computer, Electronic Brain) arithmetic and logic operation according to the schedule created with the array data (information) that holds the common name given to the system while it is subject to automated processing, Informatics (informatics), of the information utilized by the computer, storage, transmission and processing are subject to the academic and professional discipline that is used by that name; in other words, the science of computing. In order to be able to describe whether an activity is an information activity, it is necessary to look at whether that activity is included in the computer system.
More clearly, the answer to this question should be given. Is the activity based on a computer system; or is the computer used as an element that helps to realize this activity? So is the computer-aided? The ATM application of banks is an information activity because it is computer-aided. Because when this system crashes for any reason, this activity never happens either. If an example is given against this, the fact that aircraft companies use computer systems in ticket sales, that is, that the activity is computer-aided, is not an information activity. Because although these systems facilitate, accelerate and make the activities of these companies more efficient, they are not the defining element of the activity.”
The changes made by the defendant on the magnetic phone cards that have expired credit, the system perceives the data differently and thus misleads a system that has automatically processed the information and provides credit to the empty magnetic card, and thus obtaining illegal benefits using a system that automatically processes the information, will constitute the crime in question.
When the decisions of the the Court of Cassation were examined, “unlawful seizure of the participant’s character in the Knight Online game” (Y 2. CD Decision No. 2019/11010 E and 2020/568 K ), “The taxpayer of the defendant, who is a freelance accountant, showing the people who do not actually work at the workplace as insured and gives the job entry declarations to the participating institution in a computer environment” (Y11 C.D. Decision No. 2026/4216 E and 2018/5166 K) “the complainant … blocked access to his e-mail address and facebook account by cracking his passwords, changing his login password to the account” (Y. 15. CD resolution 2017/7147 E and 2018/2112 K) “which they use institutionally and officially…….. the page that should normally work when you click on the link to the president of administrative and financial affairs under the administration menu on the site…. instead of opening this page…. name … that the site has been opened, that the site has been redirected in this way, that there are articles and pictures on the redirected site that do not suit the institution “ ( y. 8. C.D Decision No. 2018/1759 E and 2018/2386 K), it is seen that the actions constitute the crime of “Preventing the Functioning of a System and Deletion, Alteration or Corrupting of Data” in question.
Yalçın TORUN Attorney at Law
Warning
The above written text on our website is copyrighted to Attorney Yalcın TORUN. This written content is preserved over time with an electronic signature for the purpose of identifying ownership of intellectual property rights. The written texts on our website can be freely used by our fellow lawyers in their petitions; however, we do not permit the full, partial, or summarized publication of the texts on other websites without proper attribution.
[1] YCGK 17.06.2014 tarihli 2012/1510 E, 2014/331K
[2] Anayasa Mahkemesi Esas: 2013/122, Karar: 2014/74Tarih: 09.04.2014R.G.No: 29072R.G.Tarih: 26.07.2014
[3] Yaşar/Gökcan/Artuç, s. 4118; Mahmutoğlu, Fatih Selami, “Sır Saklama yükümlülüğü Kapsamında Hastaya Ait kişisel Verileri Hukuka Aykırı Olarak Verme veya Yayma Suçu”, cezahukuku.istanbul.edu.tr/ders-gerecleri/tiphukuku/sir-saklama.docx. E.T: 21.02.2012;
[4] ÇOKMUTLU METİN Türk Ceza Hukukunda kişisel Verilerin Korunması, Doktora Tezi ,T.C Kocaeli Üniversitesi, Sosyal Bilimler Enstitüsü, s.190
[5] Yargıtay 12. Ceza Dairesi : 2011/23504Karar: 2012/14795Tarih: 12.06.2012
[6] ÇOKMUTLU METİN Türk Ceza Hukukunda kişisel Verilerin Korunması, Doktora Tezi ,T.C Kocaeli Üniversitesi, Sosyal Bilimler Enstitüsü, s.214
[7] Bknz.
[8] Yargıtay’ın 01.07.2013 tarih 2012/17817 Esas ve 2013/17887 Karar Sayılı Kararı
[9] Yargıtay 12. Ceza Dairesi 2013/15267 E ve 2014/9012 K sayılı Kararı
[10] YCGK;nın 21/06/2011 tarih ve 2010/187 esas, 2011/131 sayılı kararı
[11] For the acceptance of a conversation between people as non-public conversation, the place where the conversation is held does not matter. In this regard, if, for example, a conversation between two people in a park can only be heard by others with special acts of Decency, there is a case of non-public conversation. Likewise, for example, a conversation between a limited number of people in a house is an non-public conversation. The crime defined in the first paragraph consists of listening to non-public speech with a device or recording it with a sound receiving device. The person who is not a party to the non-public conversation may commit the crime in question. In order for the offense to occur, it is enough that the consent of any of the parties to the conversation does not exist. In this regard, the consent of one of the parties to the conversation will not exclude the actual crime. In the second paragraph of the article, recording of non-public conversations between persons by one of the persons participating in the interview without the consent of the others is defined as a Decriminalization.
[12] Metin ÇOKMUTLU s. 149
[13] YCGK 21.06.2011 tarih ve 2010/187 e VE 2011/131 K sayılı Kararı
[14] Yargıtay 12. Ceza Dairesi 30.03.2016 tarih ve 2016/1776 E ve 2016/5346
[15] Bknz. Anayasa Mah. 16.12.2015 tarih ve 2013/6057 Başvuru Sayılı Ata Türkeri Kararı
[16] Bknz. Anayasa Mahkemesinin 2014/15792 E ve 2014/15792 K sayılı K.Ü Başvurusu
[17] Bknz. Anayasa Mahkemesinin 2014/12522 E ve 2014/12522 K sayılı Suat Özcan Başvurusu Benzer kararlar
için AYM, E.2009/1, K.2011/82, E.1986/24, K.1987/8,
[18] Bknz. Yargıtay 12. C.D 2019/4369 E , 2019/8633K sayılı Kararı
[19] Bknz. Yargıtay 12. C.D 2017/7399 E ve 2018/4291 K sayılı kararı
[20] Bknz. Yargıtay 12. CD. 2017/150 E ve 2017/6231 K sayılı Kararı
[21] Bknz. Yargıtay 12. CD. 2015/11112 E ve 2017/637 K sayılı Kararı
[22] Bknz. YCGK 2014/603 E ve 2015/66 K sayılı Kararı
[23] Bknz. Yargıtay 8. CD. 2017/23329 E ve 2020/1218 K sayılı kararı