| NEWSLETTER ON THE PROTECTION OF PERSONAL DATA |
| February 2026 / Issue:4 Atty. Nil Merve Çelikbaş Şeker, L.LM. |
Atty. Nil Merve Çelikbaş Şeker, L.LM.
In the first period of 2026, the numerous developments have occurred in the field of personal data protection through decisions rendered by the Personal Data Protection Authority (“Authority”), judicial bodies, and international data protection authorities, as well as through regulatory and practical developments shaping the implementation of the legislation. In particular, data security in digital environments, the protection of personal data belonging to children and young individuals, artificial intelligence-based data processing activities, the use of biometric data, employee monitoring practices, notification procedures concerning data breaches, and the current practices regarding administrative fines have emerged as key topics requiring reassessment by data controllers within their compliance processes in 2026.
In this Newsletter, the current practices of the Personal Data Protection Authority, the decisions of the Constitutional Court and higher courts, and the contemporary approaches adopted by the international data protection authorities are addressed collectively, with a focus on developments that bear particular significance for data controllers and practitioners.
Within this scope, in the present issue of our Newsletter on the Protection of Personal Data, we will provide brief overviews of the following topics:
- Recent Announcement Regarding the Authority’s Administrative Sanctions and Implementation Data in the Field of Personal Data Protection
- Legislative Proposal on the Protection of Children and Young Individuals in Digital Environments and Its Implications under the Personal Data Protection Law
- Unauthorized re-Sharing of Photographs on Social Media
- Legislative Proposal Concerning Artificial Intelligence-Generated Content under the Personal Data Protection Law
- Public Announcement on the Implementation of Exceptions to the Data Controllers’ Registry (VERBIS)
- Updating of Administrative Fines within the Scope of the Cybersecurity Law
- Requirement of Separate Explicit Consent for Marketing Notifications in Mobile Applications
- Special Authorization Requirement in Social Security Institution Applications and Its Assessment under the Personal Data Protection Law
- Request for the Removal of Security Cameras in University Dormitories
- GDPR Decision Concerning an Unborn Child
- Substantial Penalty Imposed on a Lawyer and the Client for Submitting an AI-Generated Petition
- Retaining Active E-Mail Accounts of Former Employees Contrary to the GDPR
- Collection Challenges Regarding GDPR Fines in Europe
- Personal Data Protection Newsletter: Digital Literacy and the Protection of Personal Data
- Foreign-Origin Communication Applications Used within Public Institutions
- Precedent Decision of the Court of Cassation: The Principle of Equal Treatment Prevails over Confidentiality
- Court of Cassation Decisions: Limits of Privacy, Monitoring, and Evidence Collection in the Workplace
- Roll-Call Penalty Through Facial Recognition
- GDPR Fine Due to In-Vehicle Monitoring
- Limitation of the Data Breach Announcement Period to 60 Days
- Constitutional Court Decision: Publication of an Examination Result Document Not Considered within the Scope of Freedom of the Press
- Mandatory Identity Verification in Loyalty Card Applications: A Principle Decision of the Personal Data Protection Authority
We wish you an enjoyable reading.
RECENT ANNOUNCEMENT REGARDING THE AUTHORITY’S ADMINISTRATIVE SANCTIONS AND IMPLEMENTATION DATA IN THE FIELD OF PERSONAL DATA PROTECTION
In a public statement delivered by the President of the Personal Data Protection Authority, it was announced that, as a result of the examinations and audits conducted within the scope of Law No. 6698, a total of TRY 1,297,282,000 in administrative fines has been imposed to date. Since the Authority became operational in 2017, 56,377 out of 58,640 reports, complaints and applications have been concluded, and 403 out of 1,917 personal data breach notifications have been disclosed to the public.
It was further stated that, within the scope of cross-border transfers of personal data, 3,857 standard contractual clauses have been notified to the Authority, and 13 undertakings have been approved. In addition, in order to guide the implementation of the legislation, the Authority has issued 1,350 legal opinions, 332 Board decisions and 10 principle decisions to date. It was also announced that seven new guidelines were prepared in 2025, bringing the total number of guidelines published by the Authority to 57.
LEGISLATIVE PROPOSAL ON THE PROTECTION OF CHILDREN AND YOUNG INDIVIDUALS IN DIGITAL ENVIRONMENTS AND ITS IMPLICATIONS UNDER THE PERSONAL DATA PROTECTION LAW
The 14-article legislative proposal, announced by the Minister of Family and Social Services and subsequently submitted to the Grand National Assembly of Türkiye, aims to establish a protective legal framework against the risks that children (under the age of 18) and young individuals (aged 18–24) may encounter in the digital environments. Within the scope of the proposal, the social network providers will be subject to age verification obligations, and it is stipulated that biometric data may only be processed for the verification purposes and may not be stored following the completion of such processing. Personalized advertisements directed at children are prohibited, and parentally controlled safe account and search systems are to be made mandatory.
The proposed regulation further aims to ensure that platforms refrain from addictive design practices, unlimited content feeds, and algorithmic manipulation, and that personal data belonging to children and young individuals are not transferred to third parties. Additionally, the proposal introduces age classification for digital content, limits screen time and online gaming durations for children under the age of 16, requires that weekly usage reports be provided to parents, and mandates instant notifications in respect of risky content.
In cases of non-compliance with the prescribed obligations, administrative fines and sanctions including the suspension of activities are envisaged. Moreover, the proposal provides for criminal sanctions, including imprisonment, for individuals who produce or disseminate harmful content targeting children.
From the perspective of Law No. 6698, the proposal is considered to particularly strengthen the principles of proportionality, data minimization, and data security in the processing of personal data belonging to children. Through mechanisms such as age verification systems, the limited use of biometric data, and restrictions on data transfers, the proposal introduces enhanced technical and administrative safeguard obligations for data controllers. In this respect, the regulation signals a comprehensive restructuring of policies concerning the protection of children in digital environments in close integration with personal data protection law.
UNAUTHORIZED RE-SHARING OF PHOTOGRAPHS ON SOCIAL MEDIA
In its decision dated 16 September 2025 (12th Criminal Chamber, Merits No. 2023/3439, Decision No. 2025/6519), the Court of Cassation evaluated the act of obtaining photographs of colleagues from their social media accounts and reposting them on one’s own account without authorization as constituting the offence of unlawfully giving or obtaining personal data.
In the reasoning of the decision, it was emphasized that personal data encompasses any information relating to an identified or identifiable natural person, and that images shared on social media retain their character as personal data. The Court further noted that the fact that such images were previously shared by the relevant individuals does not grant third parties an unrestricted right of use.
Accordingly, the decision demonstrates that re-sharing images without explicit consent constitutes a violation of the lawfulness requirements set forth under the Personal Data Protection Law and may also give rise to criminal liability under criminal law.
LEGISLATIVE PROPOSAL CONCERNING ARTIFICIAL INTELLIGENCE-GENERATED CONTENT UNDER THE PERSONAL DATA PROTECTION LAW
A legislative proposal submitted to the Grand National Assembly of Türkiye provides that, where audio, written, or visual content generated through artificial intelligence tools is shared without the consent of the relevant individual, digital platforms allowing such dissemination may be subject to administrative fines calculated on the basis of their turnover.
The proposal aims to prevent the dissemination of deepfake and similar artificial intelligence outputs that infringe personal data, and imposes direct responsibilities on digital platforms with regard to content monitoring and supervision. Through this regulation, it is expressly emphasized that the principles set forth under the Personal Data Protection Law regarding the lawful processing and protection of personal data shall equally apply to Al-generated content.
PUBLIC ANNOUNCEMENT ON THE IMPLEMENTATION OF EXCEPTIONS TO THE DATA CONTROLLERS’ REGISTRY (VERBIS)
The Personal Data Protection Authority has issued a public announcement regarding the implementation of a newly introduced exception to the obligation to register with the Data Controllers’ Registry (VERBIS). According to the announcement, for data controllers who do not maintain accounting records on a balance-sheet basis, the annual financial balance criterion will not be required, and only the number of employees will be taken into consideration.
Accordingly, data controllers whose principal activity consists of processing special categories of personal data and who employ fewer than 10 employees may be exempt from the Registry obligation solely on the basis of this criterion where financial balance information is not available.
However, the Authority has particularly emphasized that this exception does not constitute an exemption from the scope of the Personal Data Protection Law. Accordingly, obligations such as the duty to inform data subjects, the implementation of data security measures, and the obligations relating to the retention and destruction of personal data remain fully applicable.
UPDATING OF ADMINISTRATIVE FINES WITHIN THE SCOPE OF THE CYBERSECURITY LAW
Based on the revaluation rate applicable for 2026, the administrative fines stipulated under the Cybersecurity Law No. 7545 have been significantly increased. Accordingly, substantial sanctions amounting to millions of Turkish lira are envisaged for acts such as failure to implement cybersecurity measures, failure to notify cybersecurity incidents, non-compliance with authorized supplier obligations, and violations of audit obligations.
This regulation reinforces the obligation to ensure the security of personal data from both technical and administrative perspectives, and demonstrates that data breaches may give rise not only to sanctions under the Personal Data Protection Law but also to severe penalties under cybersecurity legislation.
REQUIREMENT OF SEPARATE EXPLICIT CONSENT FOR MARKETING NOTIFICATIONS IN MOBILE APPLICATIONS
The Authority has clarified that communications constituting a natural part of a service, such as order tracking and shipment notifications in mobile applications, cannot be presented under the same consent mechanism as marketing notifications containing advertisements or campaign content. The Authority emphasized that such practices undermine the principle that explicit consent must be based on free will, and that making access to the service conditional upon marketing consent constitutes an unlawful practice.
Accordingly, users must be provided with the opportunity to individually select which types of notifications they wish to receive. Through this clarification, it has been emphasized that marketing notifications may only be processed on the basis of a separate and explicit consent, and that mobile applications must be technically designed in a manner compatible with such user preferences.
SPECIAL AUTHORIZATION REQUIREMENT IN SOCIAL SECURITY INSTITUTION APPLICATIONS AND ITS ASSESSMENT UNDER THE PERSONAL DATA PROTECTION LAW
The Council of State (10th Chamber, Merits No. 2020/1062, Decision No. 2024/2503, dated 11 June 2024) rejected a request for annulment concerning paragraph 2 of Article 80 of the Regulation on Social Insurance Procedures, titled “Applications Submitted by Legal Representatives or Proxies.”
The claimant had argued that requiring special authorization in notarized powers of attorney restricted the powers of the Union of Turkish Bar Associations and the Union of Notaries and was contrary to the Attorneyship Law and the Turkish Code of Obligations. The Council of State, however, held that the requirement of special authorization for applications submitted by proxy for pensions to be granted by the Social Security Institution serves the purpose of protecting personal data in accordance with the Personal Data Protection Law. The Court further emphasized that the regulation applies not only to attorneys but to all representatives, and that it serves to protect individual or collective data as well as commercial secrets. Accordingly, the request for annulment was dismissed.
REQUEST FOR THE REMOVAL OF SECURITY CAMERAS IN UNIVERSITY DORMITORIES
In its decision (10th Chamber, Merits No. 2021/390, Decision No. 2024/2588, dated 12 June 2024), the Council of State reassessed a dispute arising from a request by a trade union for the removal of cameras installed in university dormitories on the grounds that they allegedly violated the privacy of employees working in the dormitories.
Upon examining the camera recordings, the Council of State determined that the cameras were installed for the purposes of ensuring building and corridor security as well as the safety of students and staff, and that they were not intended to directly monitor employees. The Court concluded that such processing could be evaluated within the scope of legitimate interest pursuant to Article 5/2(f) of the Personal Data Protection Law. On this basis, the Council of State overturned the annulment decision rendered by the court of first instance.
GDPR DECISION CONCERNING AN UNBORN CHILD
The Belgian Data Protection Authority found that a physiotherapist’s access to the gender information of an unborn child, as well as the review of shared electronic health records without the knowledge of the pregnant patient, constituted a violation of the General Data Protection Regulation (GDPR) (APD/GBA (Belgium)- 209/2025).
The Authority issued reprimands against both the physiotherapist and the hospital pursuant to the relevant provisions of the GDPR. From the perspective of Turkish law, the decision confirms that, under Article 28 of the Turkish Civil Code, the unborn child possesses legally protectable interests, and that information relating to pregnancy is treated as special categories of personal data under the Personal Data Protection Law.
SUBSTANTIAL PENALTY IMPOSED ON A LAWYER AND THE CLIENT FOR SUBMITTING AN Aı-GENERATED PETITION
The United States District Court for the Southern District of Mississippi (Mohan Pauliah v. University of Mississippi Medical Center, Cause No. 3:23-CV-3113-CWR-ASH) imposed monetary sanctions on both the plaintiff and the plaintiff’s attorney for submitting a sworn statement containing fabricated content generated through artificial intelligence.
The court imposed a fine of USD 1,000 on the plaintiff and USD 4,000 on the attorney, while also requiring the attorney to participate in professional training aimed at raising awareness regarding fabricated Al-generated content. The court further ordered that the fabricated statement be removed from the case file and that the case be dismissed.
RETAINING ACTIVE E-MAIL ACCOUNTS OF FORMER EMPLOYEES CONTRARY TO THE GDPR
The Belgian Data Protection Authority (APD/GBA (Belgium) – 01/2026) ruled that keeping the e-mail accounts of former employees active for an extended period following termination of employment constitutes a violation of the GDPR.
While such processing might initially be justified under legitimate interest, the Authority determined that this justification ceased to exist after a prolonged period, rendering the continued processing unnecessary. Due to the rejection of the former employee’s requests for access and deletion, the Authority issued a reprimand against the data controller.
COLLECTION CHALLENGES REGARDING GDPR FINES IN EUROPE
The Irish Data Protection Commission (DPC), which serves as the lead supervisory authority for many large technology companies operating in Europe, has published significant data concerning GDPR administrative fines imposed over the past six years.
According to the Commission, of the EUR 4.04 billion in GDPR fines imposed between 2020 and 2026, only EUR 20 million has been successfully collected. It was noted that a substantial portion of the fines remains uncollected due to lengthy judicial proceedings and appeals, particularly in cases involving major technology companies.
PERSONAL DATA PROTECTION AUTHORITY NEWSLETTER: DIGITAL LITERACY AND THE PROTECTION OF PERSONAL DATA
The Authority has published the latest issue of its quarterly newsletter under the theme “Digital Literacy and the Protection of Personal Data.” The publication addresses topics such as digital privacy, data security in children’s gaming environments, and key considerations before and during the use of mobile applications, while also providing updates on recent developments in the field. The newsletter aims to enhance awareness both at the individual and sectoral level.
FOREIGN-ORIGIN COMMUNICATION APPLICATIONS USED IN PUBLIC INSTITUTIONS
The Personal Data Protection Authority has announced that the sharing of confidential data through foreign-origin communication applications such as WhatsApp is not appropriate for public institutions.
It has been emphasized that, in accordance with the relevant Presidential Circular and applicable legislation, domestically developed communication applications should be preferred. The Authority further underlined that personnel GSM numbers constitute personal data processed within the scope of data processing activities, and therefore the requirements of the Personal Data Protection Law must be complied with in such contexts.
PRECEDENT DECISION OF THE COURT OF CASSATION: THE PRINCIPLE OF EQUAL TREATMENT PREVAILS OVER CONFIDENTIALITY
In its decision dated 5 October 2017 (9th Civil Chamber, Merits No. 2016/24041, Decision No. 2017/15069), the Court of Cassation held that the dismissal of a technical support employee for allegedly disclosing company secrets was unlawful. The employee had shared a document containing salary and raise rates obtained during maintenance work in order to demonstrate to his supervisor that his own salary was lower than that of colleagues performing the same work.
Although the court of first instance dismissed the case on the grounds that the employee had shared information with third parties and breached the duty of loyalty, the Court of Cassation conducted its assessment within the framework of the employer’s obligation of equal treatment under Article 5 of the Labour Law and the principle of equality under Article 10 of the Constitution.
The Court emphasized that employees cannot effectively verify compliance with the principle of equal treatment without knowledge of the wages and raise rates of other employees working in the same workplace. Unless malicious use is proven, such information cannot be considered absolutely confidential, and the principle of equality must prevail over claims of confidentiality.
Since the employer failed to demonstrate that the employee’s conduct caused concrete adverse consequences within the workplace or that the continuation of the employment relationship could no longer reasonably be expected, the Court concluded that the termination was not based on a valid reason. Accordingly, the decision of the lower court was overturned, the termination was declared invalid, and the employee was ordered to be reinstated. In the event that the employer fails to reinstate the employee despite application, compensation equivalent to four months’ salary, together with up to four months’ wages for the period spent out of work, was awarded.
COURT OF CASSATION DECISIONS: LIMITS OF PRIVACY, MONITORING AND EVIDENCE COLLECTION IN THE WORKPLACE
In its decision dated 24 January 2018 (Civil General Assembly, Merits No. 2017/3017, Decision No. 2018/99), the Court of Cassation recognized that the search of desks, cabinets and drawers allocated to employees may constitute an interference with private life. However, the Court emphasized that such interference cannot automatically be considered unlawful in all circumstances.
The decision adopted an approach parallel to the “reasonable expectation of privacy” criterion established in the European Court of Human Rights decision in Peev v. Bulgaria. In the case at hand, the employer’s Personnel Regulation clearly stipulated that desks and cabinets could contain only work-related documents, that personal items were not permitted, and that inspections could be conducted when necessary. Accordingly, the Court concluded that the employee could not reasonably expect that these areas would remain free from inspection, and therefore the search, although touching upon a private sphere, was not considered unlawful in the specific circumstances.
In another decision, the 12th Criminal Chamber of the Court of Cassation ruled that a secret audio recording made by an employee who was a party to the conversation for the purpose of proving workplace mobbing does not constitute a criminal offence (Merits No. 2020/1058, Decision No. 2022/6239, dated 5 October 2022). Although the employee had been prosecuted under Article 133/1 of the Turkish Penal Code, the Court concluded that the person making the recording was a direct party to the conversation, that the recording did not concern communication belonging to third parties, and that the content did not violate the privacy of private life. Accordingly, the acquittal decision was unanimously upheld.
Furthermore, in its decision dated 7 May 2019 (22nd Civil Chamber, Merits No. 2017/21857, Decision No. 2019/9884), the Court of Cassation held that records obtained through a “keylogger” program secretly installed on an employee’s computer could not be relied upon as a basis for termination. The Court emphasized that, under Articles 417 and 419 of the Turkish Code of Obligations, the protection of the employee’s personality and personal data constitutes a fundamental principle. While employers may exercise monitoring powers within the scope of their managerial authority, such powers are not unlimited, and employees must be clearly informed in advance. Consequently, data obtained through secret and undefined monitoring practices were considered unlawful and therefore incapable of constituting a valid ground for termination.
ROLL-CALL PENALTY THROUGH FACIAL RECOGNITION
The Italian Data Protection Authority (Provvedimento del 29 gennaio 2026 [10221611]) imposed an administrative fine of EUR 50,000 on Università Telematica e-Campus for using biometric facial recognition systems during online classes.
The investigation revealed that the explicit consent obtained from students did not meet the requirement of free will, that the principles of data minimization and storage limitation had not been complied with, and that a Data Protection Impact Assessment (DPIA) had not been properly conducted for the high-risk processing activity. The Authority also took into account the fact that the university subsequently modified and discontinued the system during the process.
EUR 120,000 GDPR FINE DUE TO IN-VEHICLE MONITORING
The Italian Data Protection Authority (Garante per la protezione dei dati personali (Italy) – 10213711) imposed a fine of EUR 120,000 due to the monitoring of employees’ location, speed, braking and driving behavior through GPS and driving monitoring systems installed in company vehicles.
It was determined that the information provided to employees was insufficient, that the legitimate interest balancing test had not been properly conducted, that a DPIA had not been carried out, and that the collected data had been retained for 13 months. Furthermore, the sharing of data with group companies without adequate data processing agreements was also considered a violation. The Authority additionally ordered the deletion of the collected data.
DATA BREACH ANNOUNCEMENT PERIOD LIMITED TO 60 DAYS
The Authority reiterated that, pursuant to Article 12/5 of the Personal Data Protection Law, data breaches must be notified to the Board within 72 hours at the latest. By virtue of the Board Decision dated 25 December 2025 and numbered 2025/2451, it was decided that data breach announcements published on the Authority’s website will henceforth remain publicly available for a period of 60 days.
Where it is documented that the affected data subjects have been notified within a shorter period, the announcement may be removed from publication before the expiration of the 60-day period. The purpose of this regulation is to ensure transparency enabling affected individuals to prevent potential harm, while also limiting the duration of public disclosure in a proportionate manner.
CONSTITUTIONAL COURT DECISION: PUBLICATION OF AN EXAMINATION RESULT DOCUMENT NOT CONSIDERED WITHIN THE SCOPE OF FREEDOM OF THE PRESS
In the application of 32 Yayıncılık Ltd. Şti. (Application No. 2022/58084, Decision dated 17 September 2025), the Constitutional Court held that the administrative fine of TRY 30,000 imposed for publishing a student’s YKS examination result document on a news website—together with the student’s name, surname, photograph, university placement and score information—did not constitute a violation of freedom of expression or freedom of the press.
The Court emphasized that the protection of personal data constitutes a legitimate aim under the Personal Data Protection Law, and concluded that the publication did not contribute to the public interest, that the individual concerned was not a public figure, and that the content did not contribute to a matter of public debate. Accordingly, defenses based on “daily news reporting” or prior disclosure by the individual were not deemed sufficient. The Court determined that the administrative fine had a legal basis, was proportionate, and established a fair balance between freedom of expression and the protection of personality rights, ultimately concluding that no violation had occurred.
MANDATORY IDENTITY VERIFICATION IN LOYALTY CARD PROGRAMS: PRINCIPLE DECISION OF THE PERSONAL DATA PROTECTION BOARD
With the Principle Decision No. 2026/266, published in the Official Gazette on 28 February 2026, the Personal Data Protection Board examined the use of loyalty card programs by third parties.
The decision emphasizes that situations in which third parties provide the cardholder’s mobile phone number or card number during purchases without any verification and thereby obtain discounts or loyalty points may create risks in terms of the principle of accuracy and currency set forth in Article 4 of Law No. 6698 and the data security obligations regulated under Article 12. In particular, it was highlighted that where the person conducting the transaction differs from the person registered as the loyalty account holder, transaction histories that do not reflect reality may be generated concerning the cardholder.
The Board stated that data controllers must implement appropriate technical and administrative safeguards, such as SMS-based one-time passwords, mobile application approvals, QR code verification, or card/password authentication mechanisms. Rather than limiting applications to a single verification method, the Board emphasized the importance of structuring verification processes in accordance with the type of transaction and the level of risk involved.
Following the six-month compliance period granted as of the date of publication of the Principle Decision, administrative sanctions under Article 18 of Law No. 6698 may be imposed on data controllers that fail to take the necessary compliance steps. This development necessitates that all sectors operating loyalty programs review their existing systems and restructure their verification processes accordingly.
Bibliography:
The relevant decisions, announcements and news may be reached from the following links:
(only available in Turkish)
https://tbmm.gov.tr/Yasama/KanunTeklifi/fbc0a279-1f5b-4c15-aca4-019b98b57dfd
https://www.lexpera.com.tr/ictihat/yargitay/12-ceza-dairesi-e-2023-3439-k-2025-6519-t-16-9-2025
https://tbmm.gov.tr/Yasama/KanunTeklifi/90b549a1-3c01-4789-a768-019b9e131772
https://gdprhub.eu/index.php?title=APD/GBA_(Belgium)_-_209/2025&mtc=today
https://gdprhub.eu/index.php?title=APD/GBA_(Belgium)_-_209/2025&mtc=today
https://www.kvkk.gov.tr/SharedFolderServer/CMSFiles/MTY5NzcwZDA3MjJlZDY.pdf
https://www.lexpera.com.tr/ictihat/yargitay/9-hukuk-dairesi-e-2016-24041-k-2017-15069-t-5-10-2017
https://www.lexpera.com.tr/ictihat/yargitay/hukuk-genel-kurulu-e-2017-3017-k-2018-99-t-24-1-2018
https://www.lexpera.com.tr/ictihat/yargitay/22-hukuk-dairesi-e-2017-21857-k-2019-9884-t-7-5-2019
https://www.kvkk.gov.tr/Icerik/8595/kamuoyu-duyurusu
https://www.lexpera.com.tr/ictihat/anayasa-mahkemesi/e-2022-58084-t-17-9-2025
https://www.resmigazete.gov.tr/eskiler/2026/02/20260228-5.pdf
*Legal Warning*
This post is for the purpose of exchanging information and experiences, and it does not provide a legal guarantee regarding the accuracy or timeliness of the material contained in the articles. Celikbaş Law Office assumes no responsibility for any losses incurred as a result of the use of any information or other content contained in this article, whether direct or indirect. According to the relevant regulations of the Union of Bar Associations of the Republic of Türkiye, the content given on this site is for informational purposes only and does not constitute an advertisement, offer, legal advice, or consulting. The transmission of this information does not constitute the establishment of an attorney-client relationship. Because this information may not represent the most recent legal developments, readers should contact with a lawyer about the current situation.