What is the Crime of Obtaining, Giving or Disseminating Personal Data?

The crime of unlawfully giving or obtaining personal data occurs by unlawfully obtaining, giving or disseminating personal information that should remain in the confidential area of a person’s life or that is not known by everyone, as well as information that identifies or identifies the identity of the person who can be known by others. For example, a person who learns the password of a person’s bank card by installing a device in an ATM, commits “the crime of obtaining personal data”. A person who writes someone’s cell phone number in a public toilet and allows it to be disseminated commits the crime of “disseminating personal data”. A person who gives the name, surname and address information of a person to people with whom they have enmity commits the offense of “giving personal data to someone else”. In practice, this crime is also called “the crime of obtaining personal data”.

Article 136 of the TPC No. 5237 is titled “Illegally Giving or Obtaining Personal Data” and the text of the article is as follows

A person who unlawfully gives, disseminates or obtains personal data to another person shall be punished with imprisonment from two to four years (Article 136/1 of the TPC).

The offense of unlawfully providing or obtaining personal data is regulated as an optional offense. Therefore, the perpetrator must be punished by unlawfully performing any of the following three optional acts:

Interception of personal data,
Transfer of personal data to another person,
Dissemination of personal data.

The crime of unlawful acquisition, dissemination or disclosure of personal data under Article 136 of the TPC should not be confused with the following crimes, as it is a special norm crime that protects the values related to the private sphere of life:

Offense of interception, recording and disclosure of conversations,
Violation of the right to privacy,
Violation of the confidentiality of communication,
The offense of recording personal data,
Information crimes.

What is the Complaint Period and Statute of Limitations for Crimes of Violation of Personal Data?

The crime of unlawfully providing or obtaining personal data is not in the category of crimes subject to complaint. Therefore, it is not necessary for the complainant to file a complaint for the investigation of the crime. When it is learned that the crime has been committed in any way, the prosecutor’s office should initiate an investigation spontaneously.

The statute of limitations for the crime is 8 years, and in order to investigate the crime, the crime must be reported to the prosecutor’s office before 8 years have elapsed from the date of the crime. Otherwise, an investigation into the crime will not be possible as the statute of limitations will expire.

Which information is considered personal data?

The meaning of the concept of personal data, how personal data will be recorded and protected is determined by the Law No. 6698 on the Protection of Personal Data. According to the Law on the Protection of Personal Data, any information relating to an identified or identifiable natural person should be considered personal data.

The Court of Cassation defines the personal data subject to the offense as follows: “Kişisel veri” kavramından, kişinin, yetkisiz üçüncü kişilerin bilgisine sunmadığı, istediğinde başka kişilere açıklayarak ancak sınırlı bir çevre ile paylaştığı nüfus bilgileri (T.C. identity number, name, surname, place and date of birth, mother and father’s names), criminal record, place of residence, educational status, occupation, bank account information, telephone number, e-mail address, blood type, marital status, fingerprints, DNA, biological samples such as hair, saliva, nails, sexual and moral tendencies, any information that identifies or makes identifiable the identity of the person, such as health information, ethnic origin, political, philosophical and religious views, trade union affiliations, which distinguishes the person from other individuals in the society and is suitable for revealing his/her qualities and belongs to the real person should be understood; However, personal information that is known by everyone and/or can be easily accessed and known cannot be considered as “personal data” in the legal sense (Y12CD-2014/3760 k.). ).

Data such as photographs, pictures, images, video recordings, etc. belonging to the person may constitute the crime of obtaining, giving away or disseminating personal data according to the characteristics of the concrete incident, as well as the crime of privacy of private life, which is a general crime according to this crime. An image or sound belonging to private life is not accepted as personal data under Article 136/1 of the TPC. Therefore, disclosing, publishing or giving away images or sounds of private life constitutes the crime of “violating or disclosing the privacy of private life” regulated under Article 134 of the TPC. For example, since a photo taken with daily clothes cannot be considered as an image of private life, the unauthorized publication of this photo on Instagram by someone else with the name and surname information does not constitute the crime of disclosing images or sounds related to private life, but the crime of disseminating personal data under Article 136/1 of the TPC.

Personal data obtained in accordance with the law must be destroyed at the end of the periods specified in special laws. If the data is not destroyed at the end of these periods, the crime of not destroying personal data occurs.

What are the Elements of the Crime of Obtaining, Giving or Disseminating Personal Data?

The crime of unlawfully giving, disseminating or obtaining personal data; Since it is an optional offense, the crime occurs by performing any of the optional actions. As can be understood from the preamble of the article, in order for personal data to be accepted as “given”, “disseminated” or “seized”, personal data must be recorded, given to others as recorded, disseminated or seized (Y12CD-K.2016/13355).

According to the Court of Cassation, the elements of the offense are formed by performing any of the following optional acts:

1. The offense of giving personal data to another person: The term “another” in Article 136 of the TPC includes both a natural person and a legal entity. For example, the offense of ‘giving personal data to someone else’ occurs when personal data is given to a company unlawfully. Personal data may be given to these persons by hand, by mail or by electronic mail over the internet, etc. What is meant by the act of giving personal data is the transmission or notification of things that convey thoughts or information to someone else. In this optional act, it does not matter whether the data is obtained by lawful or unlawful methods, the important point is that the act of giving is unlawful.

2. The crime of disseminating personal data: Dissemination of personal data means the announcement or distribution of personal data to third parties. The optional act of disseminating personal data can also be carried out in various ways. Acts such as publishing personal data on a website on the internet, sending personal data to many people by e-mail or by text message from the phone, publishing it in written or visual media are considered as the crime of disseminating personal data

3. The offense of interception of personal data: The act of obtaining personal data occurs when a personal data under the control of another person comes under the control of the perpetrator. It can be realized in the form of taking the documents in which the personal data is registered or seizing it from the information system in which it is registered, etc….

Since the crime of unlawful provision, dissemination or seizure of personal data is regulated as an abstract danger crime in Article 136 of the TPC, the crime occurs by performing optional actions. It is not necessary that any damage occurs due to criminal acts.

What is the Penalty for the Offense of Giving, Disseminating or Obtaining Personal Data to Another Person (Art. 136 of the TPC)?

The penalty for the offense of unlawfully providing, disseminating or obtaining personal data is imprisonment from 2 to 4 years (Article 136 of the TPC).

If the subject of the crime is the recordings and images containing the statements of the victim of the qualified sexual assault crime or the child victim (Article 236/5-6 of the Criminal Procedure Code), the penalty to be imposed is increased by one.

The offense of unlawfully giving, disseminating or obtaining personal data;

By a public official (civil servant, etc.) and by abusing the authority of his/her position,
By taking advantage of the convenience provided by a certain profession and art

If the offense is committed, the imprisonment sentence to be imposed pursuant to Article 136 of the TPC is increased by 1/2 (Article 137 of the TPC). In this case, the penalty for the offense is imprisonment from 3 years to 6 years.

What are the Qualified Conditions that Increase the Penalty for the Crime? (Article 137 of the TPC)

In the following cases, the penalties imposed pursuant to Article 136 of the TCC for the offense of unlawfully providing, disseminating or obtaining personal data should be increased by 1/2:

1. If the offense is committed by a public official (civil servant, municipal police officer, lawyer, judge, prosecutor, etc.) and by abusing the authority granted by his/her office, the penalty to be imposed according to Article 136 of the TPC shall be increased by 1/2 (TPC 137/1-a).

In criminal law, a public official is a person who participates in the execution of public activity through appointment or election or in any other way, permanently, temporarily or temporarily. In criminal law, public official has a very broad meaning and includes many professions such as MP, police officer, expert witness. For example, if a self-employed survey engineer is appointed as a special expert by the court, the engineer who participates in judicial/public activity in this way is considered a public official.

In order for this qualified form of the crime to be applied, the public official must abuse the authority granted by his/her duty to obtain, give away or disseminate personal data. In the event that the public official commits the offense with an act outside the scope of his/her duty, even if it is in the course of his/her duty, the qualified form requiring an increase in the Article 137/1-a of the TPC is not applied.

At the end of the judicial investigation initiated after the police officer was granted an investigation permit, it was alleged that he committed the crime of unlawfully giving or obtaining data regulated in Articles 136/1 and 137/1-a of the TPC; the defendant, wondering whether the Minister of Interior is a fellow countryman or not, logged into the “Identity Sharing System” with the user password given to him by his institution, made arbitrary and irregular inquiries, and accessed the population and address information of the victim, who is the Minister of Interior, which is personal data, Since it is understood that the legal elements of the offense of unlawfully giving or obtaining the data imputed to him due to reading the victim’s personal data by abusing the authority given by his duty, there is no inconsistency in the acceptance of the local court to establish a conviction sentence for the defendant according to the scope of the file (Y12CD-K. 2020 /5426).

2. If this offense is committed by taking advantage of the facilities provided by a certain profession or art, the penalty to be imposed according to Article 136 of the TPC shall be increased by 1/2 (TPC 137/1-b).

In order for this paragraph to be applied, the profession or art of the perpetrator must facilitate the acts of obtaining, disclosing or disseminating personal data. The perpetrator who benefits from the facilitation provided by the profession and art must commit the act constituting the offense. For example, if a person working in large telecommunication companies such as TURKCELL, VODAFONE, etc. collectively gives the telephone numbers in a certain district to a company engaged in trade, the crime of giving qualified personal data to someone else by taking advantage of the convenience provided by a certain profession and art will be committed.

Postponement of Sentence, Conversion to Judicial Fine or HAGB Issues

A judicial fine is a type of sanction that can be imposed alone or in combination with a prison sentence for a crime committed. The prison sentence for the offense of obtaining, disseminating or passing on personal data may be converted into a judicial fine under certain conditions.

Deferral of the Announcement of the Verdict (HAGB) is a criminal procedure institution that causes the sentence imposed on the defendant not to have any consequences within a certain period of supervision, and when certain conditions are fulfilled during the supervision period, the criminal decision is eliminated without any consequences, which leads to the dismissal of the case. It is possible to decide to defer the announcement of the verdict (hagb) about the sentence imposed for the crime of obtaining, disseminating or giving personal data to someone else.

Postponement of the sentence is an individualization institution that conditionally waives the execution of the imprisonment sentence in prison and ensures that the sentence is deemed to have been executed if the defendant spends the specified period of supervision with good behavior in social life. It is also possible to postpone the imprisonment sentence imposed for the offense of obtaining, disseminating or passing on personal data.

Why Us?

The crime of unlawfully giving, disseminating or obtaining personal data regulated in Article 136 of the TPC; Since it is a special norm that protects information regarding the area of the victim’s life that should remain confidential, defending with the help of a lawyer during the trial will prevent loss of rights.

Having the support of a professional lawyer in legal proceedings is critical to protecting your rights and managing the process effectively. A lawyer secures your legal rights at every stage, from making the necessary applications within the framework of the relevant legislation to the follow-up of the process before the official authorities. In addition, technical and procedural procedures such as determining the victimization, collecting evidence correctly and correspondence with the relevant parties can also be carried out effectively through lawyers.

Particularly in sensitive matters such as violation of personal rights, privacy, commercial rights or protection of copyrights, timely interventions are of vital importance. In such legal cases, it is possible to manage the processes correctly, prevent loss of rights and develop the most appropriate strategies with the support of an expert lawyer.

Providing legal services with its expert staff, Güneş&Güneş Law Office offers effective and strategic solutions to its clients in a wide range of legal issues, especially in the digital world. We are ready to provide the support you need in legal matters such as protecting your individual rights or securing the assets of your business. With 25 years of experience, we are at your side to produce solutions to all your legal problems.

Criminal Offense of Giving, Disseminating or Obtaining Personal Data to Others Court of Cassation Decisions

Private Life Images and Sounds Do Not Constitute the Crime of Obtaining or Disseminating Personal Data

Although there is no doubt that a private life image or voice is “personal data”, fixing the image or voice of a person’s private life to a certain electronic, digital, magnetic place with a device capable of taking or recording pictures without his/her knowledge is defined in Article 134/1. and paragraph 2. In the second sentence of Article 134/1 of the TPC; disclosure without consent, i.e. dissemination, disclosure, exposure, publicizing, publicizing, publicizing, making public, in summary; making available to the information of persons or persons who are not authorized to learn its content 134/2 of the TPC. Since it is regulated within the scope of the crime of violating the privacy of private life in article and paragraph, the image or voice of a person’s private life cannot be considered as personal data within the scope of articles 135/1 of the TPC and 136/1 of the same Law (12th Criminal Chamber of the Court of Cassation 2019/14037 E. , 2022/2232 K).

Personal Data Must Be Recorded First

As emphasized in the decision of the Criminal General Assembly of the Court of Cassation dated 17.06.2014 and numbered 2012/1510 main, 2014/331; in the regulations on the protection of personal data in Articles 135 and 136 of the TCC, there is no provision stating that only confidential personal data will be protected, and on the contrary, in the justification of Article 135, it is stated that all kinds of information related to the real person should be considered as personal data. On the contrary, in the justification of Article 135, it is stated that all kinds of information related to the real person should be accepted as personal data, and the acts of unlawfully giving, disseminating and obtaining all kinds of personal data constitute the crime of unlawfully giving or obtaining data under Article 136 of the TCC. For this reason, personal information that is known by everyone and/or can be easily accessed and known is also considered as “personal data” in the legal sense. However, in order to prevent negative consequences such as uncertainty in practice and almost every action constituting a crime by expanding the scope of application of the crime of unlawfully giving or obtaining data more than intended, it is necessary to make a meticulous evaluation by taking into account the characteristics of the concrete event, to determine whether there is a reason for compliance with the law that can be accepted by any branch of law or a matter that can be taken into consideration within this scope, and to determine that the defendant knows or is in a position to know that he acted unlawfully with his action.

As can be understood from the reasoning of Article 136/1 of the TPC, “This article defines the unlawful giving, dissemination or seizure of personal data to others, whether or not it has been recorded in accordance with the law, as an independent crime.” In order for personal data to be accepted as “given”, “disseminated” or “seized”, personal data must be recorded, given to others in its recorded form, disseminated or seized. At this point, it should be noted that any activity that enables the personal data to be taken from the place where the document on which it is written is located or to be fixed by transferring it to another object in its recorded form (for example, by transferring the writing on another object such as paper, notebook, etc., transferring it to a portable memory or CD), so that it can be reused when desired, can be evaluated within the scope of “obtaining” personal data, as well as learning the personal data before it is recorded, and being aware of the personal data only through the senses should be evaluated within the same scope.

According to the scope of the file examined in the light of these explanations and according to the defense containing a confession; In the incident subject to the allegation that the defendant, who had an emotional relationship with the participant for a period of time, took the participant’s mobile phone without the participant’s consent while the participant was getting ready and looked at the call records; The subject of the crime in Article 132/1 of the TPC. The subject of the crime in Article 132/1 of the TPC is the content of communication and the crime in question will occur with the unlawful learning of the content of communication between certain persons, in order to be able to speak of the confidentiality of communication, there must be a communication between persons that can be called communication, there must be a means of communication between at least two people (telephone, letter, e-mail, etc.) and the parties must be able to use this communication as a means of communication. ) and the parties must make this communication by taking confidentiality measures, and since it is understood that the information about who, when, how often and for how long the participant met with whom, when, how often and for how long is within the scope of personal data and cannot be qualified as communication, the defendant, who looked at the call records within the scope of the participant’s personal data without the consent of the participant and became aware of its content, is subject to Article 136/1 of the TPC. Without considering that a verdict of conviction should be given for the crime of illegally giving or obtaining the data in the article and its paragraphs, it is a reason for reversal to establish a verdict of acquittal for the crime of violating the confidentiality of communication in writing by making a mistake in the appreciation of the evidence and legal characterization (12th Criminal Chamber of the Court of Cassation – Decision: 2019/4886).

Interception of Telephone Call Records

In the case of the allegation that the defendant, who had an emotional relationship with the participant for a period of time, took the participant’s mobile phone without the participant’s consent while the participant was getting ready and looked at the call records; the subject of the crime in Article 132/1 of the TPC is the content of communication and the crime in question will occur by unlawfully learning the content of communication between certain persons, in order to be able to speak of the confidentiality of communication, there must be a communication between persons that can be called communication, there must be a means of communication between at least two people (telephone, letter, e-mail, etc.) and the parties must make this communication by taking confidentiality measures. ) and the parties must make this communication by taking confidentiality measures, and since it is understood that the information about who, when, how often and for how long the participant met with whom, when, how often and for how long is within the scope of personal data and cannot be qualified as communication, the defendant, who looked at the call records within the scope of the participant’s personal data without the consent of the participant and became aware of its content, is subject to Article 136/1 of the TPC. Without considering that a verdict of conviction should be given for the crime of unlawfully giving or obtaining the data in the articles and paragraphs of the article and paragraph, it is a reason for reversal to establish a verdict of acquittal for the crime of violating the confidentiality of communication in writing by making a mistake in the appreciation of the evidence and legal characterization (Court of Cassation 12 Criminal Chamber – 2019/4886 K.)

Giving Personal Data with Cell Phone Number to Another Person (Dissemination)

The judgments regarding the conviction of the defendant for the crimes of unlawfully giving or obtaining data, sexual harassment and threats were appealed by the defendant, the file was examined and the necessity was considered: With the aim of satisfying his sexual desires and wishes, the defendant … used the GSM line registered in his name, which was used by him, from the 20-year-old victim … After sending messages to the victim, first with sexual content directed at the victim’s genitals and then with threats that he would spread his cell phone number in a way that would cause the victim to be sexually harassed by others, but he did not receive a positive response from the victim and could not establish the desired communication with him, According to the scope of the file, there is no inconsistency in the local court’s acceptance that the victim committed the crimes of unlawfully giving or obtaining data, sexual harassment and threats in a chain by distributing the victim’s mobile phone number, which is personal data, to others against the consent of the victim. (12th Criminal Chamber of the Court of Cassation – Decision No: 2019/5172).

Giving, disseminating or obtaining all kinds of information belonging to a specific or identifiable person to another person is defined as a crime under the title of “Unlawful giving or obtaining data” in Article 136/1 of the TPC, and the fact that the act is committed by a public official and by abusing the authority given by his duty or by taking advantage of the convenience provided by a certain profession and art is stipulated as a reason for an increase in the punishment in Article 137 of the same Law.

Verileri hukuka aykırı olarak verme veya ele geçirme suçunun maddi konusunu oluşturan “kişisel veri” kavramından, kişinin, yetkisiz üçüncü kişilerin bilgisine sunmadığı, istediğinde başka kişilere açıklayarak ancak sınırlı bir çevre ile paylaştığı nüfus bilgileri (T.C. identity number, name, surname, place and date of birth, mother and father’s names), criminal record, place of residence, educational status, occupation, bank account information, telephone number, e-mail address, blood type, marital status, fingerprints, DNA, biological samples such as hair, saliva, nails, sexual and moral tendencies, Any information that identifies or makes identifiable the identity of a person, such as health information, ethnic origin, political, philosophical and religious views, trade union affiliations, which distinguishes the person from other individuals in the society and is suitable for revealing his/her qualities, and which belongs to the real person must be understood. Although personal information that is known and/or easily accessible and knowable by everyone is also considered as “personal data” in the legal sense, in order to prevent negative consequences such as uncertainty in practice and the criminalization of almost every action by expanding the scope of application of the said article more than intended, in the application of the article, It is necessary to make a meticulous evaluation by taking into account the characteristics of the concrete case, to determine whether there is a reason for compliance with the law that can be accepted by any branch of law or a matter that can be taken into consideration within this scope, and it is also necessary to determine that the defendant knew or could have known that he acted unlawfully with his action.

As can be understood from the justification of Article 136/1 of the TPC as follows: “This article defines the unlawful giving, dissemination or seizure of personal data to others, whether or not it has been recorded in accordance with the law, as an independent crime.” In order for personal data to be accepted as “given”, “disseminated” or “seized”, personal data must be recorded, given to others as recorded, disseminated or seized. Learning personal data before it is recorded, disclosure of personal data stored in memory to others, and access to personal data only through the senses can only be considered within the scope of the crime of violation of the privacy of private life regulated in the 1st sentence of Article 134/1 of the TPC.

When the concrete case is examined in the light of these explanations, in the case where the defendant Turgut gave the phone number of the complainant, who was the girlfriend of the complainant, to the other defendant Onur without the consent of the complainant; the actions of the defendant Turgut, who unlawfully disseminated the phone number of the complainant, and the defendant Onur, who unlawfully obtained the phone number, are considered to be in violation of Article 136/1 of the TPC. article, instead of convicting them separately, deciding to acquit them with the inaccurate reasoning that “the act of giving a phone number cannot be considered as the seizure and dissemination of personal data” is a reason for reversal (12th Criminal Chamber of the Court of Cassation – Decision: 2014/16665).

Groom’s and Wedding Dress Photos are Personal Data

Since the wedding photographs of the victim, in which he was wearing a groom’s suit and his wife was wearing a wedding dress and posed side by side with his wife, cannot be considered as images that violate the confidentiality of his private life, which the victim would not want to be seen and known by others, the defendant, who presented the photographs of the victim, which are personal data, to the view of others by a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, taking into account that his action was described in the indictment, should be given a verdict of conviction against the defendant after being given the right to an additional defense due to the possibility of applying Article 136/1 of the TPC in accordance with Article 226 of the Code of Criminal Procedure. In accordance with Article 136/1 of the TCC, after granting the defendant the right of additional defense due to the possibility of the application of Article 136/1 of the TCC, while the defendant should be convicted of the crime of unlawfully giving or obtaining data, it is a reason for reversal to establish a verdict of acquittal for the defendant on insufficient grounds that the action was evaluated only within the scope of the crime of violation of the privacy of private life (12th Criminal Chamber of the Court of Cassation – Decision: 2020/7153).

Posting a victim’s Twitter photo on one’s own account

The photo of the victim posed in a pose, which was shared by the victim on the victim’s twitter account, cannot be considered as an image related to the victim’s private life that the victim would not want others to see and know; however, the defendant, who published the victim’s photo, which is personal data not related to the victim’s private life, on his own internet account with a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, should be sentenced for the act described in the indictment, taking into account that the additional defense right was granted due to the possibility of applying Article 136/1 of the TPC. article and paragraph 136/1. of the TPC due to the action described in the indictment, a verdict of conviction should be established for the crime of unlawfully giving or obtaining data, while taking into account that the right to additional defense was granted, “… the participant shared the photo in question publicly on his page on the social networking site, the participant was not disturbed by the fact that the photo he shared in this way was seen and shared by others because the participant did not make any restrictions, therefore, taking the photo in question and commenting on it would not constitute the charged crime… ”, the establishment of a verdict of acquittal in writing based on legal and insufficient grounds is a reason for reversal (Y12CD-K. 2021 /6589).

Personal Data in the Exercise of the Right to Complaint

The crime of “unlawfully giving or obtaining data” under Article 136 of the TPC is regulated as an optional offense. The crime will be committed by performing one of the optional actions of unlawfully giving personal data to someone else, disseminating personal data and seizing personal data.

In the optional act of “giving personal data to someone else”, the “someone else” mentioned in the article may be a real person or a legal entity, and the data may be given to these persons by hand, by mail or by electronic mail over the internet, etc. In the Turkish Language Institution’s Grand Turkish Dictionary, “to give” is defined as “to deliver something that is on one’s person, in one’s possession or near one’s person, to transmit, to convey to others something that conveys thoughts or information, to notify”. In this optional action, it does not matter whether the data is obtained by lawful or unlawful methods, the important point is that the act of giving is unlawful.

The optional act of “disseminating personal data” can also be carried out in various ways; such as publishing personal data on a website on the internet, sending personal data to many people by e-mail or by text message on the phone, publishing it in written or visual media… In the Turkish Language Association’s Great Turkish Dictionary, “disseminate” is explained as “to announce to many people, to cause it to be distributed to the environment”.

The optional act of “seizing personal data” can be performed by taking the documents in which personal data are registered or seizing them from the information system in which they are registered, etc. The act of seizure will be realized when a personal data under the control of another person comes under the control of the perpetrator.

Since the realization of any result is not required in this crime, the crime will occur by performing the optional actions listed in the article. In this respect, “unlawfully giving or obtaining data” in Article 136 of the TCC is an abstract danger crime.

In the concrete case where the defendant, who is a civil servant himself and his wife, took the birth certificate of the participant, who works as a midwife in the same workplace with his wife, from the hospital to be the subject of the complaint they will make, and presented it as an attachment to the complaint petition they submitted to the provincial health directorate, the birth certificate of the participant is personal data, When the fact that the defendant, who works as a civil servant, is in a position to know that it would be unlawful to receive a document containing information belonging to someone else, even if it is the subject of a complaint application, and that by adding the birth certificate subject to the crime to the complaint petition, the information contained therein, which is personal data, is caused to be learned by others without the consent of the participant, is evaluated together, the defendant’s action constitutes the crime of unlawfully obtaining and disseminating personal data regulated in Article 136 of the TPC. It constitutes the crime of unlawfully obtaining and disseminating personal data regulated in the article.

Although it can be argued that there is a mistake about the act constituting an injustice because the birth certificate subject to the crime was taken to be presented as evidence of the complaint to be made, the defendant, who has been working as a civil servant for a long time, is in a position to know that it is unlawful to take a document containing information belonging to someone else without the knowledge and consent of the person concerned, Considering the fact that his wife is a health worker and has two children, he knows how the birth certificate was obtained, and that it is possible to obtain the relevant document by the institution to which the complaint application is made by stating in the content of the complaint petition, it is not possible to talk about an inevitable error that the act constitutes an injustice (Criminal General Assembly – K. 2014 /312).

Publishing Captured Photographs / Pictures / Images

The photograph of the victim posing with her daily clothes cannot be considered as an image of her private life that the victim would not want others to see and know; however, the defendant, who published the photograph of the victim, which is personal data not related to her private life, on his facebook account with a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, should be convicted of the crime of unlawfully giving or obtaining data under Article 136/1 of the TPC described in the indictment. article and paragraph 136/1 of the TPC, which is explained in the indictment, should be convicted of the offense of unlawfully giving or obtaining data, it is a reason for reversal to decide to convict the defendant in writing for the offense of violating the confidentiality of private life by disclosing the images or sounds in Article 134/2 of the TPC, for which the defendant’s additional defense was taken, by making a mistake in the nature of the crime (12th Criminal Chamber of the Court of Cassation – K.2021 /3092).

In the indictment in which the defendant is requested to be punished separately for the crimes of recording personal data under Article 135/1 of the TCC and the crimes of unlawfully giving or obtaining data under Article 136/1 of the same Law; the act attributed to the defendant in the form of the defendant, as a reaction to the breakdown of the engagement by the victim, who is the victim’s fiancé, seizing the photos of the victim shared by the victim on the victim’s facebook account and publishing them on his own facebook account, constitutes the crime of unlawfully giving or obtaining data as a whole (Y12CD-K.2021 /3642).

Since the pictures of the participant showing only the head and face and the pictures of the participant posed in casual clothes cannot be considered as an image related to the private life area that the participant would not want others to see and know, there is no inconsistency in the acceptance and application of the local court that the act of the defendant, who published the pictures of the participant, which are personal data, on the social networking site named facebook with a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, constitutes the crime of giving or obtaining data illegally in a chain as defined in Article 136/1 of the Turkish Penal Code (Court of Cassation 12 CD-K.2020). There was no inconsistency in the acceptance and application of the local court that the defendant’s act constituted the offense of illegally giving or obtaining data in a chain as defined in Article 136/1 of the TPC (Court of Cassation 12 CD-K.2020 /5241).

In the case where the defendant added a picture of the victim posing with her daily clothes, which was available on the internet, to the profile of his fake facebook account, which he opened using the name and surname of his girlfriend, the victim, who broke up with him, and shared pornographic images; Since the picture of the victim posing with her daily clothes, which was previously published on the internet by the victim, cannot be considered as an image related to the private life area that the victim would not want others to see and know, the act of the defendant, who published the victim’s picture, which is personal data, through a fake facebook account with a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, is defined in Article 136/1 of the TPC. It is unlawful to convict the defendant for the crime of violating the confidentiality of private life regulated in Article 134/2 of the TCC on legal and insufficient grounds, without considering that it will constitute the crime of illegally giving or obtaining data defined in Article 136/1 of the TCC (12th Criminal Chamber of the Court of Cassation – Decision: 2017/637).

In the case where it is alleged that the defendant was emotional friends with the victim and after their separation, he opened an account on a social networking site on behalf of the victim and published the victim’s personal information and photographs; In the defense of the defendant at all stages, which could not be proven otherwise, the defendant declared that they opened the account on the social networking site together with the victim, uploaded the photos together, and did not make any transactions on the account after their separation, and the dates when the account was opened and transactions were made could not be determined from the page images of the social networking site, Considering that there is no material evidence obtained by seizing the computer belonging to the defendant and examining the hard disks, and that it is not possible to obtain new evidence in the examination to be made due to the time that has passed, contrary to the defense, considering that there is no evidence sufficient for conviction, definite, clear of all kinds of doubts and convincing evidence, it is against the law to give a verdict of conviction with written thoughts, while the defendant should be acquitted (Court of Cassation 12th. Criminal Chamber – Decision: 2015/2130).

The defendant Serap, upon reading the messages and electronic messages sent by the victim Aslı and the witness Devrim, her common-law husband, to each other and learning about the emotional intimacy and friendship between the two, opened a fake facebook account bearing the victim’s name and surname as a reaction to the victim, without her knowledge and consent, In the act of publishing a picture of the victim posing with her daily clothes on this account, the legal elements of the crime of unlawfully giving or obtaining the data defined in Article 136/1 of the TPC have occurred, since the personal data belonging to the victim such as name, surname and picture were presented to the view of others by a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law. Without considering that the legal elements of the crime of unlawfully giving or obtaining data defined in Article 223/2-a of the Criminal Procedure Code, it is contrary to the law to establish a verdict of acquittal for the defendant in accordance with Article 223/2-a of the Criminal Procedure Code based on legal and insufficient grounds, on the grounds that it is possible for everyone to easily access the photograph of the victim, which was obtained from the internet and added to the fake facebook account (Court of Cassation 12th CD – Decision: 2015/18748).

The defendant took the victim’s name, surname, graduated school information, address information of the house where she resided, together with the victim’s photograph taken in daily life and the photographs taken from the exterior of the house where she lived, in reaction to the termination of their friendship by the victim and without the victim’s knowledge and consent, Regarding the incident published on the social networking site named “facebook”, the action of the defendant, who shared the address information of the victim, which is in active use, which is not known by everyone or cannot be easily accessed and known, but shared with a limited circle, together with her name, surname, photograph of herself and the house she lives in, without her consent, will constitute the crime of “unlawfully giving or obtaining data” in Article 136/1 of the Turkish Penal Code. It is against the law that the court made a mistake in the qualification of the crime and decided to convict the defendant of the crime of violating the confidentiality of private life under Article 134/2 of the TCC as written (12th Criminal Chamber of the Court of Cassation – Decision: 2014/2980).

When evaluated in terms of the crime of unlawfully giving or obtaining data under Article 136 of the TCC, although the picture of the participant in the facebook account can be accepted within the scope of personal data; the crime of unlawful seizure and dissemination does not occur because the defendant obtained the picture from the public profile picture of the participant’s facebook account on the internet and put it on his facebook account without including any other personal information of the participant (12th Criminal Chamber – 2014/19490 decision).

When the internet printouts available in the file are examined; it is understood that the picture of the victim showing the victim’s face was published in the aforementioned profile, and this picture is not related to the victim’s private life area and is not of a nature to violate the privacy of her private life, according to the defendant’s defense that he obtained the victim’s picture from the victim’s facebook account at the investigation stage and the statements of both the defendant and the victim taken at the hearing, the pictures of the defendant and the victim taken separately were published in the fake account in question, In the face of the fact that there is no allegation that a private photograph showing the unity of the parties was published, in view of the current state of evidence, the action of the defendant, who illegally published the victim’s pictures, which are personal data, together with her name and surname, will constitute the crime of unlawfully giving or obtaining data defined in Article 136/1 of the TCC. Without considering that it would constitute the crime of illegally giving or obtaining the data defined in Article 134/2 of the TCC, it is a reason for reversal to make a mistake in the qualification of the crime and to convict the defendant of the crime of violation of the privacy of private life regulated in Article 134/2 of the TCC based on legal and insufficient grounds (12th Criminal Chamber of the Court of Cassation 2014/23451 E. , 2015/8787 K)

Obtaining Bank or Credit Card Information (Personal Data)

The action of the defendant who installed a system to copy the information of debit and credit cards on the ATM device of the bank, but was caught without being able to copy any card as a result of being reported, should be qualified as an attempt to the crime of unlawful acquisition of personal data within the scope of Article 136 of the TPC (Court of Cassation 8th Criminal Chamber 2014/17639 decision).

Actions consisting of copying the magnetic stripe information of the cards belonging to the people who come to make transactions with the devices placed in ATM devices and trying to obtain their passwords; constitutes the crime of attempting to unlawfully obtain personal data regulated in Article 136 of the TPC in a chain (8th Chamber of the Court of Cassation – 2013/25854 decision).

Use of Personal Health Information in Litigation

The defendant, who is a general surgeon and works as a doctor in a private beauty center, filed a lawsuit for compensation against the complainant as a complainant due to the increase in hair growth and burns on the face of the complainant after the application of laser facial epilation treatment to the complainant for two years in the beauty center, and in the petition for compensation filed through his attorney, he wrote the list of medicines in the nature of personal data used by the complainant 1 year before the lawsuit, and defended that the complaints in the complainant could be a side effect of the medicines he used; In the action of the defendant, who has no allegation that he gave or disseminated the list of drugs in the nature of personal data to someone else, in the trial of the compensation lawsuit filed against him, in his action, which aims to prove his defense that the complaints subject to the lawsuit may also be caused by the side effects of the drugs used by the complainant in the last 1 year, it is understood that he did not act with the awareness of acting against the law, so the crime of giving or disseminating personal data to someone else did not occur. (12th Criminal Chamber of the Court of Cassation – 2014/7889 decision).

Sharing a Cell Phone Belonging to a Person over the Internet

In the case where the defendant disseminated the mobile phone number of the complainant, who is a friend of the complainant, without the knowledge and consent of the complainant, by making membership transactions under the pseudonym “duygu” on the dating site called “com”, and in the profile he opened, he made posts from the mouth of the complainant, which may contain value judgments that cause humiliation of the complainant, which may offend the honor, honor and dignity of the complainant, whereupon the complainant started to be searched by people she did not know; it is clear that the crime of unlawful acquisition, transfer or dissemination of personal data has occurred (Supreme Court of Appeals 12th Criminal Chamber – 2014/25 decision). Criminal Chamber – 2014/3719 decision).

Officer’s Offense of Obtaining Personal Data

In the concrete case where the defendant, who is a civil servant himself and his wife, took the birth certificate of the participant, who works as a midwife in the same workplace with his wife, from the hospital to be the subject of the complaint they will make, and submitted it as an annex to the complaint petition they submitted to the provincial health directorate, the birth certificate of the participant is personal data, When the issues of the defendant, who works as a civil servant, being in a position to know that it would be unlawful for the defendant to receive a document containing information belonging to someone else, even if it is subject to the complaint application he will make, by adding the birth certificate subject to the crime to the complaint petition, causing the information contained herein, which is personal data, to be learned by others without the consent of the participant,

The defendant’s action constitutes the crime of unlawfully obtaining and disseminating personal data regulated in Article 136 of the TCC.

In this respect, the verdict of the local court sentencing the defendant pursuant to Article 136 of the Turkish Penal Code No. 5237 for the offense of obtaining, disseminating or giving personal data to someone else and the decision of the Special Chamber approving this verdict is correct (Court of Cassation CGK – Decision : 2014/312)

Police Officer’s Acquisition and Transfer of Personal Data

At this point, it should be noted that, although any activity that enables personal data to be taken from the place where the document on which it is written is located or to be fixed by transferring it to another object in its recorded form (e.g. by transferring the writing to another object such as paper, notebook, etc., transferring it to a portable memory or CD), so that it can be reused when desired, can be considered within the scope of “obtaining” personal data. Although all kinds of activities that enable the personal data to be fixed on an object, transferred to a portable memory or CD, etc., so that it can be reused when desired, can be considered within the scope of “obtaining” personal data, learning personal data before it is recorded, disclosing personal data kept in memory to others, and accessing personal data only through the senses can only be considered within the scope of the crime of violation of the privacy of private life regulated in the 1st sentence of Article 134/1 of the TPC. According to the circular of the General Directorate of Security dated 09.03.2005 and numbered 6429-15 on entry and exit records numbered 2005/26 and the current legislation, in order to provide the exit and entry information of a person, there must be a written application of the persons or their proxies, a written request from public institutions and organizations and judicial authorities, the defendants, out of personal curiosity, used the passwords given to them as part of their duties, and without any legal justification and basis, by exceeding their authority, questioned the exit and entry information of the participant … and committed the crime of unlawfully giving or obtaining the data defined in Article 136/1 of the Turkish Penal Code. It is understood that they are alleged to have committed the offense of unlawfully giving or obtaining data defined in the article,

Complainant … It cannot be accepted that the defendants, who are in a position to easily see the information on leaving the country and entering the country, which are personal data belonging to ‘s, if they are physically entrusted with the task, even if they are not directly entrusted with a task, have obtained personal data with their actions consisting of using the passwords given to them due to the security of the database, querying the system and reading this information, as well as the personal data in question, In the face of the fact that the defendants were given the opportunity to access the data in the system with a simple password and that the data contents were not hidden from the defendants, it cannot be accepted that the defendants acted with the awareness that they acted unlawfully while making inquiries in the system, since the legal elements of the crimes of unlawfully giving or obtaining data as defined in Article 136/1 of the TPC and violating the privacy of private life as defined in Article 134/1-1 of the same Law did not occur in the action attributed to the defendants. Since the legal elements of the crimes of unlawfully giving or obtaining the data in Article 136/1 of the TPC and violating the privacy of private life defined in Article 134/1-1 of the same Law did not occur, there was no inaccuracy in the decision of the local court regarding the acquittal of the defendants in accordance with Article 223/2-a of the Code of Criminal Procedure (12th Criminal Chamber of the Court of Cassation – Decision: 2016/5860).

How is the Crime of Disseminating or Giving Personal Data to Others Committed?

The legal value protected under Article 136 of the TPC is the private life and confidential area of life in general, and personal data in particular. Since all personal data is protected by these regulations, personal data does not necessarily have to be confidential. Personal data that are not confidential and known by everyone should also be protected against unlawful acts. This is because the legal value protected in crimes related to the protection of personal data is not “secret”, but the personal rights of the data subject.

The crime of “unlawfully giving or obtaining data” in Article 136 of the TPC is regulated as an optional offense. The crime will be committed by performing one of the optional actions of unlawfully giving personal data to someone else, disseminating personal data and obtaining personal data.

The optional act of “disseminating personal data” can also be realized in various ways. Such as publishing personal data on a website on the internet, sending personal data to many people by e-mail or by text message from the phone, publishing it in written or visual media… In the Turkish Language Association’s Great Turkish Dictionary, “disseminate” is explained as “to announce to many people, to cause it to be distributed to the environment”.

When the concrete case is evaluated in the light of these explanations;

In the case where the profile created by using the pseudonym “canans” on the dating website named “Temizhava” with the IP number “88.226.178.19” on 12.04.2007 on the ADSL line registered in the name of the defendant and his address in Antalya, the information that the participant wants to meet men who like to travel and have fun with her phone number without her consent was included, and various messages were sent to the participant’s phone by the people who entered the site;

The statement of the participant that the defendant committed the act due to the enmity between her and the defendant’s daughter by filing a personal complaint to the Beykoz Chief Public Prosecutor’s Office one day after the crime was committed in Antalya province; the expert report that the membership process on the dating site where the participant’s phone number was given was carried out through the computer using the ADSL line registered in the name of the defendant and the writings of Yeni Medya Elektronik Yayıncılık ve Türk Telekomünikasyon Anonim Şirketi; Since the defendant’s defenses that the action was carried out by the participant who came to their home and that he was conspired against him cannot be credited with the acceptance that it is intended to get rid of the crime, it should be accepted that he committed the crime of unlawful dissemination of the data attributed to him (Court of Cassation CGK – Decision: 2017/363).

The Crime of Obtaining Personal Data such as Name-Surname and Phone Number

As emphasized in the decision of the Criminal General Assembly of the Court of Cassation dated 17.06.2014 and numbered 2012/1510, 2014/331; in the regulations on the protection of personal data in Articles 135 and 136 of the TCC, there is no provision stating that only confidential personal data will be protected, and on the contrary, in the justification of Article 135, it is stated that all kinds of information related to the real person should be accepted as personal data, and the acts of unlawfully giving, disseminating and obtaining all kinds of personal data constitute the crime of unlawfully giving or obtaining data in Article 136 of the TCC. For this reason, personal information that is known by everyone and/or can be easily accessed and known is also considered as “personal data” in the legal sense. However, in order to prevent negative consequences such as uncertainty in practice and almost every action constituting a crime by expanding the field of application of the crime of unlawfully giving or obtaining data more than intended, it is necessary to make a meticulous evaluation by taking into account the characteristics of the concrete event, to determine whether there is a reason for compliance with the law that can be accepted by any branch of law in the event or a matter that can be taken into consideration within this scope, and to determine that the defendant knew or could know that he acted unlawfully with his action.

Furthermore, although there is no doubt that a private life image or voice is “personal data”, the fixing of a person’s private life image or voice to a certain electronic, digital, magnetic place with a device capable of taking or recording pictures without his/her knowledge is defined in the 2nd sentence of Article 134/1 of the TPC. Since disclosure without consent, i.e. dissemination, disclosure, exposure, publicizing, publicizing, publicizing, making public, in short, making it available to the information of persons or persons who are not authorized to learn its content is regulated within the scope of the crime of violation of the privacy of private life in Article 134/2 of the TPC, the image or voice of the person’s private life cannot be considered as personal data within the scope of Article 136/1 of the TPC in the legal sense.

According to the scope of the file examined in the light of these explanations; the defendant …, who had the aim of contacting female students, was accused of … After calling the telephone number of the high school where the victim and her friends were studying, talking to the employee in the school canteen to whom she was directed by the switchboard attendant upon her request, asking one of the female students to answer the phone, introducing himself as “Ali Hoca” to 16-year-old Tayyibe, a classmate of the victim, and deceiving the victim’s friend and gaining her trust because the name of the vice principal of the school was also Ali, With the excuse that students with poor economic status and successful students will be sent with scholarships to the dershanes allocated quotas, the victim’s friend asked the victim’s friend to send the names and mobile phone numbers of female students with these qualifications, and through the message sent to the mobile phone used by the victim’s friend, the victim’s name, surname and mobile phone number, which are personal data, were obtained by a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law,

Considering that the act of the defendant, which has been established, will constitute the crime of illegally giving or obtaining data and that the act has been described in the indictment, the defendant was given the right of additional defense in accordance with Article 226 of the Code of Criminal Procedure due to the possibility of the application of Article 136/1 of the TPC, and by taking into account the manner in which the crime was committed, the intensity of the defendant’s intention and the purpose and motive he pursued, and by moving away from the minimum limit in the basic sentence, the defendant was convicted. Taking into account the way the crime was committed, the intensity of the defendant’s intention and the purpose and motive of the defendant, and taking into account the criteria in Article 61/1 of the TCC, it was not taken into consideration that the defendant should be convicted by moving away from the minimum limit in the basic sentence, and that the defendant’s action was not defined as a crime in the law due to the fact that the act charged to the defendant was not defined as a crime in the law due to the fact that the participant victim … did not interfere with the private life of the participant because the participant victim … understood that the person who called her by phone was not the assistant manager and hung up the phone, and that the defendant’s action was not defined as a crime only in Article 134/1 of the TCC. It is unlawful to acquit the defendant of the offense of violation of the privacy of private life based on legal and insufficient grounds that it is evaluated within the scope of the crime of violation of the privacy of private life regulated in the 1st sentence of Article 1 (12th Criminal Chamber of the Court of Cassation – Decision: 2016/12504).

Giving or Obtaining Personal Data for the Purpose of Fraud

Dolandırıcılık gibi hukuka aykırı bir amaç için adres bilgisi, banka hesap numarası gibi kişisel verilerin ele geçirilmesinin, veren kişinin iradesinin fesada uğratılmış olması nedeniyle, hukuka uygun olduğunun kabul edilemeyeceği, bu nedenle telefon hatlarının kayıtlı olduğu …Bilişim Telekomünikasyon A.Ş. whether the company named …Bilişim Telekomünikasyon A.Ş., to which the phone lines are registered, actually provides consultancy services, whether there are any cases of fraud against the executives of this company, and if so, what decision has been made, and who or who are the suspects who called the complainant on the day of the incident and seized his personal data, and according to the result of the investigation, the suspect or suspects will be prosecuted according to Article 136/1 of the Turkish Penal Code. Without considering that an indictment should be issued for the crime of illegally giving or obtaining personal data that complies with the article, instead of accepting the objection of the complainant’s attorney against the decision of non-prosecution as a result of incomplete investigation, it was ruled that the decision was reversed by accepting the application for reversal for the benefit of the law (12th Criminal Chamber of the Court of Cassation – Decision: 2016/4849).

The Crime of Disseminating Personal Data on the Internet

In the case where the profile created by using the nickname “canans” on the dating site named “……com” with the IP number “88.226.178.19” on 12.04.2007 on the ADSL line registered in the name of the defendant and his address in Antalya, the information that the participant wants to meet men who like to travel and have fun with her phone number without her consent was included, and various messages were sent to the participant’s phone by the people who entered the site;

Procedure for Preservation of Personal Data as Evidence

According to Article 20/3 of the Constitution, everyone has the right to request the protection of personal data concerning him/her. This right includes the right to be informed about personal data concerning oneself, to access such data, to request their correction or deletion, and to learn whether they are used for their intended purposes. While there is no doubt that materials such as sexually explicit images, sound recordings and photographs related to the private life of the victim of the crime are personal data, they also have the quality of evidence. Without prejudice to the exceptional provisions, pursuant to Articles 206 to 217 of the Code of Criminal Procedure, it is not possible to conceal evidence from the parties to the case, to prevent access to it, or to make it difficult or restricted. The parties to the case have the right to examine the evidence and question its legality and source, and to express an opinion on its soundness and credibility. Materials that constitute evidence and are personal data, which should be kept in the case file, should be kept in the file when the verdict is rendered, and should be examined by the higher courts in the appeal/appeal examination or by the authority in case of objection, if deemed necessary. In addition, pursuant to the mandatory regulation on the necessity to protect personal data in Article 20/3 of the Constitution, a balance must be struck between the right to examine the evidence and the protection of materials that are personal data regarding the private life of the victim against the access of third parties who are not parties to the case, in a way that does not limit the rights of defense and proof. In this respect, it would be appropriate to keep the materials in the nature of personal data regarding the victim’s private life in the case file as evidence, but it would be appropriate to take measures such as keeping them in a sealed envelope to protect them against the access of third parties who are not a party to the case in accordance with the protection of personal data.

For the reasons explained; it is possible to keep the materials in the nature of personal data of the victim as evidence in the file by enclosing them in a sealed envelope at the scene (Court of Cassation 4th Criminal Chamber – Decision: 2016/5371).

Failure to Remove Photos Posted on Facebook with Consent

In the event that the defendant, after publishing the photos of the victim kissing him on the cheek in one frame, hugging him in the others and posing side by side with both of them wearing their daily clothes, on his facebook account with the victim’s knowledge, continued to publish the photos in question, despite the fact that the victim and the victim broke up and the victim asked to remove them;

Since the photographs showing the existence and extent of the relationship between the alleged defendant and the victim were previously published on the social networking site named facebook in accordance with the consent of the victim, these photographs cannot be considered as images related to the victim’s private life and violating the confidentiality of her private life, the defendant’s act of continuing to publish the photographs of the victim, which are personal data of the victim, against the consent of the victim. It is against the law to acquit the defendant in accordance with Article 223/2-a of the Code of Criminal Procedure on written grounds that are not legal and sufficient, without considering that a verdict of conviction should be given for the offense of unlawfully giving or obtaining the data in Article 223/2-a of the Code of Criminal Procedure (12th Criminal Chamber of the Court of Cassation – Decision: 2017/6231).

The Difference Between the Crimes of Giving/Disseminating Personal Data to Others and Privacy of Private Life

The defendant …, who reacted against both participants due to the fact that the defendant … was convicted of different crimes by the participants … and …, who were serving as criminal judges, and the defendant …, who reacted against both participants due to the fact that the defendant … was convicted of different crimes, was found to be living next to the wife of the participant … and in the presence of the participant …. ‘s photographs of the participants posing alone in their daily clothes, from the accounts opened by the participants on other websites (such as facebook-twitter) in their own names, and published these photographs in the form of a slide show and accompanied by emotional background music, under the title “… the forbidden love of the courthouse”, in a way that creates the perception that there is an unofficial relationship between the participants, on the video sharing site called youtube,

Since the pictures of the participants, which were published by the participants on the internet and taken by the participants posing with their daily clothes in public places, cannot be considered as images related to the private life areas that the participants would not want others to see and know, the action of the defendant, who published the pictures of the participants, which are personal data, with a method that is not hesitated to be unlawful due to the absence of reasons for compliance with the law, will constitute the crime of giving or obtaining data defined in Article 136/1 of the TCC. It is against the law to convict the defendant for the crime of violating the privacy of private life regulated in Article 134/2 of the TCC on legal and insufficient grounds, without considering that it will constitute the crime of unlawfully giving or obtaining data defined in Article 134/2 of the TCC (12th Criminal Chamber of the Court of Cassation – Decision: 2017/870).

Showing Pictures on Facebook Social Media

There was no inconsistency in the local court’s acceptance that the defendant, who presented the victim’s picture, which is personal data, to the view of others through the facebook account named “Nesrin Hülya E.” with a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, was convicted of the crime of unlawfully giving or obtaining data committed with general intent (Court of Cassation 12th Criminal Chamber – Decision: 2017/3108).

How to Save and Send Someone Else’s Whatsapp Profile Picture

In the event that the defendant saved the profile photo bearing the image of his child, which the participant used in the whatsapp program, to his phone after obtaining it using the whatsApp program, and then accidentally sent the photo in question to the participant’s phone,

Verileri hukuka aykırı olarak verme veya ele geçirme suçunun maddi konusunu oluşturan “kişisel veri” kavramından, kişinin, yetkisiz üçüncü kişilerin bilgisine sunmadığı, istediğinde başka kişilere açıklayarak ancak sınırlı bir çevre ile paylaştığı nüfus bilgileri (T.C. identity number, name, surname, place and date of birth, mother and father’s names), criminal record, place of residence, educational status, occupation, bank account information, telephone number, e-mail address, blood type, marital status, fingerprints, DNA, biological samples such as hair, saliva, nails, sexual and moral tendencies, Any information that identifies or makes identifiable the identity of a person, such as health information, ethnic origin, political, philosophical and religious views, trade union affiliations, which distinguishes the person from other individuals in the society and is suitable for revealing his/her qualities, and which belongs to the real person must be understood. Although personal information that is known and/or easily accessible and knowable by everyone is also considered as “personal data” in the legal sense, in order to prevent negative consequences such as uncertainty in practice and the criminalization of almost every action by expanding the scope of application of the said article more than intended, in the application of the article, It is necessary to make a meticulous evaluation by taking into account the characteristics of the concrete case, to determine whether there is a reason for compliance with the law that can be accepted by any branch of law or a matter that can be taken into consideration within this scope, and it is also necessary to determine that the defendant knew or was in a position to know that he acted unlawfully with his action.

In terms of our concrete case, it is understood that the picture taken on the birthday of the participant’s son, which is understood to have been set as the whatsapp profile picture of the participant, can be accessed by anyone who registers the participant’s phone, and at the same time, the defendant stated that he recorded the photo in question in order to prove that there was a relationship between the defendant and the participant in the divorce case between the defendant’s aunt and the defendant’s aunt, who is the husband of the aunt with whom the participant was together, and the court did not find any inconsistency in the acquittal of the defendant (12th Criminal Chamber of the Court of Cassation – Decision: 2015/16760).

Commercial Use of Wedding Photographs by the Photographer

In the case where it is claimed that the defendant committed the crime of violation of the privacy of private life because the wedding photos taken by the victim at the defendant’s workplace were made into an album and shown as an example to the customers coming to the defendant’s workplace, although it has been about 2.5 years since the wedding date and without his consent;

Since the wedding photographs taken by the victim wearing a groom’s suit on himself and a wedding dress on his wife, posing side by side with his wife, cannot be considered as images that violate the privacy of the victim’s private life, which the victim would not want to be seen and known by others, the defendant, who presented the photographs of the victim’s personal data to the view of others with a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, taking into account that his action was described in the indictment, was sentenced under Article 226 of the Criminal Procedure Code. In accordance with Article 136/1 of the TCC, after granting the defendant the right of additional defense due to the possibility of the application of Article 136/1 of the TCC, while the defendant should be convicted of the crime of unlawfully giving or obtaining data, it is a reason for reversal to establish a verdict of acquittal for the defendant on insufficient grounds that the action is evaluated only within the scope of the crime of violation of the privacy of private life (12th Criminal Chamber of the Court of Cassation 2019/10411 E., 2020/7153 K.).

Obtaining Personal Data Known by Everyone is a Crime

During the period when the divorce case between the daughter of the defendant …, who worked as a notary public, and the victim … was ongoing, the witness …, an employee of a carpet store, called the defendant by phone and told the defendant that the debt of 2.000 TL related to the carpets purchased during the marriage preparations was not paid, and the defendant stated that the debt should first be collected from the victim because 2. 000 TL was deposited in the middle account of the victim and her daughter in a bank by her daughter with the explanation of the carpet money, the debt should first be collected from the victim, the witness … asked the defendant for the identity information and mobile phone number of the victim in order to reach the victim, the defendant obtained the identity card sample of the victim through the network called “Kobil”, which allows the electronic confirmation of the identity and address information of the relevant persons applying to the Notary Public and which is given to all notary offices by the Union of Notaries of Turkey in exchange for a password, and obtained the victim’s identity card sample and added the mobile phone numbers of the victim and the victim’s father, the victim’s home and … After handwriting the addresses of the victim and her daughter’s place of residence, she allegedly faxed the document in question and the account transactions related to the joint account of the victim and her daughter to the relevant carpet store with the note “… to the attention of Mr…”;

Article 136/1 of the Turkish Penal Code defines the giving, dissemination or seizure of any information belonging to a specific or identifiable person to another person as a crime under the title of “Unlawful giving or seizure of data”.

As emphasized in the decisions of the Criminal General Assembly of the Court of Cassation dated 04.07.2017, numbered 2017/829-2017/363 and dated 17.06.2014, numbered 2012/1510 – 2014/331; the legal value protected under Article 136 of the TCC is the private life and confidential area of life in general, and personal data in particular. In the regulations on the protection of personal data in Articles 135 and 136 of the TCC, there is no provision stating that only confidential personal data will be protected, and on the contrary, in the justification of Article 135, it is stated that all kinds of information related to the real person should be accepted as personal data, and the acts of unlawfully giving, disseminating and obtaining all kinds of personal data constitute the crime of unlawfully giving or obtaining data in Article 136 of the TCC. For this reason, personal information that is known by everyone and/or can be easily accessed and known should also be considered as “personal data” in the legal sense and should be protected against unlawful acts.

However, in order to prevent the consequences such as uncertainty in practice and almost every action constituting a crime by expanding the field of application of the crime of unlawfully giving or obtaining data more than intended, it is necessary to make a meticulous evaluation by taking into account the characteristics of the concrete event, to determine whether there is a reason for compliance with the law that can be accepted by any branch of law or a matter that can be taken into consideration within this scope, and to determine that the defendant knows or is in a position to know that he acted unlawfully with his action.

In the file examined in the light of these explanations; the local court’s decision of acquittal in writing, based on grounds contrary to the decisions of the Criminal General Assembly of the Supreme Court of Appeals and the consistent practices of our Chamber, in the form of “…data that are known by everyone or / and can be easily accessed, known and found cannot be evaluated (as personal data) within the scope of Article 136 of the Turkish Penal Code…”, and without considering that the data belonging to the victim subject to the lawsuit are not personal information that is known by everyone and / or can be easily accessed and known, is a reason for reversal (12th Criminal Chamber of the Supreme Court of Appeals 2020/108 E. Criminal Chamber 2020/1085 E. , 2022/5406 K.).

Photographs that are not related to private life are personal data

The defendant said, “…I shared and commented on the photos of the complainants by taking them from there because their facebook pages were open to everyone… I saw and shared the photos about a week after they were shared, we were married to my ex-wife at that time but we were not living together. ”, when evaluated together with the other evidence available in the file; the photographs published by the defendant on the defendant’s facebook account without the consent of the victim … cannot be considered as images related to the private life of the victim, which the victim would not want others to see and know; however, the defendant, who published the photographs of the victim, which are not related to the victim’s private life, which are personal data, on his facebook account with a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, considering that his action is described in the indictment, is sentenced under Article 226 of the Code of Criminal Procedure. Article 136/1 of the TCC pursuant to Article 136/1. article and paragraph of Article 136/1 of the Turkish Criminal Code pursuant to Article 226 of the Code of Criminal Procedure, the defendant should be convicted of the crime of unlawfully transmitting or obtaining data for which additional defense was taken, while “…the photographs of the participants obtained as a result of their sharing in a way that everyone can see are not within the private boundaries, since there is no situation hidden from everyone, the elements of the crime in the crime attributed to the defendant by relying on the defenses of the defendant in this direction … ”, which, although emphasized in the reversal decision decided to be complied with, does not contain any explanation regarding the crime of illegally giving or obtaining data and the act is evaluated only within the scope of the crime of violating the privacy of private life by disclosing images or sounds, is a reason for reversal (Court of Cassation 12th Criminal Chamber 2021/10561 E., 2022/2028 K.).

The indictment is based on forged … The picture of the victimized child in the file, which was published on the account of …, consists of an image of the victimized child posed in clothes and taken at a relative’s wedding according to the statement of the victimized child posing and showing his head, face and the torso part of his body from where he is sitting, and the picture referred to as “pictures” in the indictment can only be accepted as personal data since it is not an image related to the private life area that the victimized child would not want to be seen and known by others and that would violate the confidentiality of his private life; also, the … account where the picture was published … When the issues that the name and surname of the victim child, which are personal data, are also used in the account, together with other evidence, when evaluated together with other evidence, it should be considered that the act attributed to the defendant in the form of obtaining the picture of the victim child, which is not related to the victim child’s private life area, with a method that there is no doubt that it is unlawful due to the absence of reasons for compliance with the law, and publishing it on the fake … account bearing the name and surname of the victim child, will constitute the crime of unlawfully giving or obtaining data under Article 136/1 of the TCC as a whole, taking into account the act described in the indictment and the phrases that offend the dignity of the victim child during the publication of the picture, taking into account Article 44 of the TCC. When the Article 136/1 of the TCC is also taken into consideration, it should be considered that it will constitute the offense of unlawfully giving or obtaining data under Article 136/1 of the TCC as a whole (12th Criminal Chamber of the Court of Cassation 2022/4512 E., 2022/6716 K.).

It is Possible to Obtain Personal Data by Reading

It is understood that the defendant and the victim were friends, the defendant applied for a credit card from … by memorizing the information on the victim’s identity card found on the table while the defendant was staying at the victim’s house, entered the victim’s identity information over the internet and applied for a credit card from …, and upon the realization of the situation by the Bank, the credit application was rejected while the loan application was in the evaluation stage; the decision of acquittal in writing was found to be unlawful, without considering that the defendant’s action constituted the crime of “unlawful giving or obtaining data” regulated in the first paragraph of Article 136 of the Law No. 5237 (Court of Cassation 8th. Criminal Chamber 2021/11096 E., 2024/1276 K.).

Administrative Sanction Decisions on Improper Use of Personal Data

Sending Content Not Belonging to the Person’s Phone

The data subject applied to the data controller due to a text message (SMS) sent to his personal phone number containing content that does not belong to him; in the response given by the data controller, it was stated that this sending was caused by a staff error and that the SMS was sent to the data subject as a result of a 1 digit error while logging in another subscriber and that the mistake was immediately corrected; However, as a result of the examination of his application in which he stated that the person whose personal data is included in the SMS sent to him is his nephew and that it is not possible to confuse his nephew’s phone number with his phone number with 1 digit change / mistake and requested that the necessary action be taken against the data controller,

As a result of two different data processing activities based on a single action, both sending the name, surname and service number of the person who is stated to owe money to a group of companies and who is understood to be the nephew of the complainant to the line belonging to the complainant, and processing the phone number of the complainant without relying on any of the processing conditions regulated in the Law, it was understood that the data controller lawyer did not fulfill the obligation to “Prevent unlawful processing of personal data” stipulated in subparagraph (a) of the first paragraph of Article 12 of the Law. 000 TL administrative fine (Decision of the Personal Data Protection Board dated 31/05/2019 and numbered 2019/166).

Unauthorized Informational/Advertising Phone Calls

As a result of the examination of the complaint application submitted to the Personal Data Protection Board due to the fact that the data subject did not receive an adequate response to the application he made to the data controller due to the fact that his personal mobile phone was called by an investment and securities company for information / advertising purposes without his explicit consent,

In the light of the information received from the data controller in the event subject to the complaint; It has been understood that the personnel, of which the complainant was a customer, previously worked in another investment company, and after the termination and closure of the activities of this company, the personnel in question started to work in the data controller company operating in the same field in 2017, so the complainant’s phone number information was obtained in this way, and then a personnel of the data controller called the relevant person for advertising and information purposes,

In paragraph (1) of Article 5 of the Law No. 6698 titled “Conditions for Processing Personal Data”, it is stated that personal data cannot be processed without the explicit consent of the person concerned, and in paragraph (2), provided that it is clearly stipulated in the Laws, it is mandatory for the protection of the life or physical integrity of the person himself or someone else who is unable to disclose his consent due to actual impossibility or whose consent is not legally valid, and it is directly related to the establishment or performance of a contract, the processing of personal data belonging to the parties to the contract is necessary, it is mandatory for the data controller to fulfill its legal obligation, it is made public by the person concerned, data processing is mandatory for the establishment, exercise or protection of a right, and data processing is mandatory for the legitimate interests of the data controller, provided that it does not harm the fundamental rights and freedoms of the person concerned, in the presence of one of the conditions, it is possible to process personal data without seeking the explicit consent of the person concerned,

When the application subject to the complaint is evaluated in terms of data processing conditions, since the Company’s processing of the Complainant’s phone number is not based on any of the conditions listed in Article 5 of the Law No. 6698, since it has been concluded that the Company has engaged in an unlawful data processing activity, an administrative fine of 75.000 TL will be imposed on the Company in accordance with paragraph (b) of paragraph (1) of Article 18 of the Law due to its violation of paragraph (a) of paragraph (1) of Article 12 of the Law. 000 TL administrative fine, regarding the Complainant’s allegations that a marketing personnel of the Company was a customer of the Company while working in another company, and that this personnel transferred this data to the Company, which is the new workplace; To inform the Complainant about Article 136 of the Turkish Penal Code,

Since the Company did not respond to the Complainant’s request for information on how and from whom his personal data was obtained in his application addressed to the Company, it was decided to warn the Company to show the necessary sensitivity and care in compliance with the Law and to instruct the Company to provide information to the Complainant as stated in the letter addressed to the Authority (Decision of the Personal Data Protection Board dated 01/08/2019 and numbered 2019/204).

Lawyer’s Submission of Health Documents to the Case File Does Not Constitute the Crime of Dissemination of Personal Data

In the case where the defendant, who is a lawyer, presented the documents regarding the hospital records of the participant, which were provided by his client’s son in the sexual harassment file, as evidence to the file, the defendant was convicted of the crime of unlawfully giving or obtaining data under Article 136 of the TPC No. 5237.

Since it was understood that the defendant, who was a lawyer and thought that the documents submitted to the file by the district court of appeal were of evidentiary nature, did not act with the intent to commit a crime, the decision of the local court for the conviction of the defendant was abolished and the defendant was acquitted.

Although it is stated that the defendant was acquitted as it was understood that the defendant did not act with intent and negligence, it is contrary to the law that the elements of the imputed offense did not occur when the acquittal verdict was rendered against the defendant, and the applicable law and article should be shown as 223/2-a of the Criminal Procedure Code, while it should be shown as Article 223/2-c of the same Code (12th Criminal Chamber of the Court of Cassation 2020/1485 E., 2024/2148 K.).

What is the Complaint Period and Statute of Limitations for Crimes of Violation of Personal Data?

Which information is considered personal data?

What are the Elements of the Crime of Obtaining, Giving or Disseminating Personal Data?

What is the Penalty for the Offense of Giving, Disseminating or Obtaining Personal Data to Another Person (Art. 136 of the TPC)?

What are the Qualified Conditions that Increase the Penalty for the Crime? (Article 137 of the TPC)

Postponement of Sentence, Conversion to Judicial Fine or HAGB Issues

Why Us?

Criminal Offense of Giving, Disseminating or Obtaining Personal Data to Others Court of Cassation Decisions

Private Life Images and Sounds Do Not Constitute the Crime of Obtaining or Disseminating Personal Data

Personal Data Must Be Recorded First

Interception of Telephone Call Records

Giving Personal Data with Cell Phone Number to Another Person (Dissemination)

Groom’s and Wedding Dress Photos are Personal Data

Posting a victim’s Twitter photo on one’s own account

Personal Data in the Exercise of the Right to Complaint

Publishing Captured Photographs / Pictures / Images

Obtaining Bank or Credit Card Information (Personal Data)

Use of Personal Health Information in Litigation

Sharing a Cell Phone Belonging to a Person over the Internet

Officer’s Offense of Obtaining Personal Data

Police Officer’s Acquisition and Transfer of Personal Data

How is the Crime of Disseminating or Giving Personal Data to Others Committed?

The Crime of Obtaining Personal Data such as Name-Surname and Phone Number

Procedure for Preservation of Personal Data as Evidence

Failure to Remove Photos Posted on Facebook with Consent

The Difference Between the Crimes of Giving/Disseminating Personal Data to Others and Privacy of Private Life

Showing Pictures on Facebook Social Media

How to Save and Send Someone Else’s Whatsapp Profile Picture

Commercial Use of Wedding Photographs by the Photographer

Obtaining Personal Data Known by Everyone is a Crime

Photographs that are not related to private life are personal data

It is Possible to Obtain Personal Data by Reading

Administrative Sanction Decisions on Improper Use of Personal Data

Unauthorized Informational/Advertising Phone Calls

Lawyer’s Submission of Health Documents to the Case File Does Not Constitute the Crime of Dissemination of Personal Data

Leave a Reply Cancel reply

Phone

Email

Address

Contact Us

What is the Crime of Obtaining, Giving or Disseminating Personal Data?

What is the Complaint Period and Statute of Limitations for Crimes of Violation of Personal Data?

Which information is considered personal data?

What are the Elements of the Crime of Obtaining, Giving or Disseminating Personal Data?

What is the Penalty for the Offense of Giving, Disseminating or Obtaining Personal Data to Another Person (Art. 136 of the TPC)?

What are the Qualified Conditions that Increase the Penalty for the Crime? (Article 137 of the TPC)

Postponement of Sentence, Conversion to Judicial Fine or HAGB Issues

Why Us?

Criminal Offense of Giving, Disseminating or Obtaining Personal Data to Others Court of Cassation Decisions

Private Life Images and Sounds Do Not Constitute the Crime of Obtaining or Disseminating Personal Data

Personal Data Must Be Recorded First

Interception of Telephone Call Records

Giving Personal Data with Cell Phone Number to Another Person (Dissemination)

Groom’s and Wedding Dress Photos are Personal Data

Posting a victim’s Twitter photo on one’s own account

Personal Data in the Exercise of the Right to Complaint

Publishing Captured Photographs / Pictures / Images

Obtaining Bank or Credit Card Information (Personal Data)

Use of Personal Health Information in Litigation

Sharing a Cell Phone Belonging to a Person over the Internet

Officer’s Offense of Obtaining Personal Data

Police Officer’s Acquisition and Transfer of Personal Data

How is the Crime of Disseminating or Giving Personal Data to Others Committed?

The Crime of Obtaining Personal Data such as Name-Surname and Phone Number

Procedure for Preservation of Personal Data as Evidence

Failure to Remove Photos Posted on Facebook with Consent

The Difference Between the Crimes of Giving/Disseminating Personal Data to Others and Privacy of Private Life

Showing Pictures on Facebook Social Media

How to Save and Send Someone Else’s Whatsapp Profile Picture

Commercial Use of Wedding Photographs by the Photographer

Obtaining Personal Data Known by Everyone is a Crime

Photographs that are not related to private life are personal data

It is Possible to Obtain Personal Data by Reading

Administrative Sanction Decisions on Improper Use of Personal Data

Unauthorized Informational/Advertising Phone Calls

Lawyer’s Submission of Health Documents to the Case File Does Not Constitute the Crime of Dissemination of Personal Data

Leave a Reply Cancel reply