TRBusiness18 days ago

Tracking employee hours with biometric data deemed unlawful

The Personal Data Protection Authority (KVKK) has ruled that using biometric data to track employee working hours is unlawful. The authority noted that while laws allow employers to monitor working hours, there is no specific legal provision permitting the use of biometric identification for this purpose. The KVKK recommended alternative methods such as encrypted cards, PINs, signatures, or manual entries. Biometric systems like fingerprint or facial recognition were described as convenient but raised significant privacy concerns.

The Personal Data Protection Authority ( KVKK ) has ruled that tracking employee working hours through biometric data processing is unlawful.

In its decision published in the Official Gazette yesterday, the authority emphasized that while legal regulations draw the framework for employers to monitor and document working hours, there is no explicit statutory regulation allowing this to be done via biometric identification.

"Since there is no clear legal regulation providing for tracking to be done with biometric identification systems, carrying out attendance tracking through the processing of biometric data may constitute a violation of the law," the KVKK stated.

The authority said attendance tracking should instead be ensured through other methods including encrypted cards or PIN-based systems, traditional signature and paper-based attendance sheets, RFID/NFC identification cards, or manual entry under supervisor oversight.

While biometric identification systems such as fingerprints, facial recognition, iris scans, or retina scans appear attractive to employers due to being fast, accurate, and resistant to manipulation, this "forms an extremely sensitive area within the context of personal data protection law," according to the decision.

Employee complaints

The KVKK said that complaints regarding biometric systems are among the most frequent issues it receives from employees.

Highlighting a structural power imbalance in the employee-employer relationship, the authority expressed doubts over whether obtaining explicit consent from workers relies on free will.

Moreover, tracking practices must comply with the principles of proportionality, necessity, and data minimization, it added.

The KVKK is the highest decision-making body established to oversee the lawful processing of personal data and protect citizens' privacy rights in Turkey. Its legal framework is drawn by the Personal Data Protection Law No. 6698, which entered into force in 2016.

The KVKK is defined as a completely independent and autonomous structure that possesses administrative and financial independence and does not receive orders or instructions from any authority, organ, or person. It is affiliated with the Justice Ministry for bureaucratic procedures.

The board consists of nine members, with five elected by parliament and four appointed by the president. (AEK/VK)

Read the full article at Bianet →

Source document: Personal Data Protection Authority (KVKK)

1 reports

BianetIndependentCenter18 days ago

Tracking employee hours with biometric data deemed unlawful

Bias read (Center): The article presents the ruling by the Personal Data Protection Authority without overtly favoring any political side. It focuses on legal interpretations and privacy concerns rather than taking a stance on broader policy or ideological debates. The language remains neutral, emphasizing legal and监管（

Official sources cited

government Personal Data Protection Authority (KVKK)
government Official Gazette

Go to the primary sources (2)

The official sources this coverage is built on. Read them directly to bypass framing.

governmentPersonal Data Protection Authority (KVKK)
governmentOfficial Gazette