Ümit Eyüpoğlu's application with application number 2018/6161 was concluded with the decision of the Constitutional Court published in the Official Gazette on 20.12.2022.
The claim that the applicant's right of the effective application has been violated in connection with the right to request the protection of personal data due to the refusal of the applicant's request to provide information about the phone line used by the Constitutional Court has been examined. In the concrete case, the applicant requested from the relevant company to share with him the internet data of the phone line he used, log records, the IMEI information of his phone, the date of Hot Spot use, and the log records of the dates he received a shared IP with other subscribers while using the internet. However, the company rejected the applicant's request, stating that this information could only be shared if the court requested.
As a result of the lawsuit filed by the applicant, the local court emphasized that the requested issues related to material data rather than a right or legal relationship, while the Regional Court of Justice rejected the applicant's request for appeal, stating that the requested data fell outside the information that is obliged to be shared in accordance with the legislation.
In the concrete case, it has been determined by the Constitutional Court that the internet data of the phone line registered in the name of the applicant, the log records, the IMEI information of the phone, the information regarding the date of Hot Spot use are the nature about a specific natural person, and to request access, correction, or erasure of this information and whether it is used or not. It has been stated that learning that information has not been used should be examined in terms of the right to request the protection of personal data within the scope of the right to respect for private life.
Referring to the European Court of Human Rights and the case-law of the Constitutional Court within the scope of its assessment, the Constitutional Court underlined the following points:
· One of the legal interests protected under the right to respect for private life is the right to privacy. The right to privacy also includes the legal interest of the individual to control information about himself/herself. The individual has an interest in not revealing or disseminating any information about himself/herself without his/her consent, not being able to access this information by others and not using it without his/her consent, that is, keeping this information confidential.
· With Article 20 of the Constitution, everyone has the right to demand the protection of their personal data, and this right also includes being informed about the personal data of the person.
· Personal data refers to all information relating to a person if it belongs to a specific or identifiable natural person. Not only the information that reveals his/her identity, such as his/her name and date of birth, but also all data that makes the person identifiable directly or indirectly, such as motor vehicle license plate, resume, photo, IP address, shopping habits, hobbies, and people with whom he/she interacts are within the scope of personal data.
· In order to be able to examine in terms of the right to request the protection of personal data, it should be determined whether there is a personal data that needs to be protected within the scope of the aforementioned right. The presence of personal data should be determined autonomously, considering the specific circumstances of the case and the application.
· In the concrete case, it is understood that the internet data of the telephone line registered in the name of the applicant, the log records, the IMEI information of the phone, the date of the Hot Spot (open access Wi-fi point) are within the scope of the information about a certain natural person. Further, accessing this information, requesting its correction or erasure, and learning whether it is used for its purposes should be examined in terms of the right to request the protection of personal data within the scope of the right to respect for private life.
· The right of persons to be informed about the personal data related to them and to have access to this data is an extension of the principle of transparency or openness of data processing. Knowing which data about themselves is processed by whom, when and for what reasons also enables individuals to exercise their rights such as correction, erasure, and blocking of these data, and it has a complementary feature to ensure the realization of the mentioned constitutional guarantees.
· In a democratic society, the process of processing personal data should be carried out in a transparent manner, as a requirement of this, data owners should be given the opportunity to access their personal data and necessary measures should be taken for easy use of this opportunity.
Within the scope of these explained issues; it was assessed that the courts of instance, with a narrow interpretation, found these requests related to material data rather than a right or legal relationship, and rejected them by not entering the merits of the case due to the absence of an interest requirement, since there is no current benefit before the consumer court, preventing the applicant from accessing his personal data. As a result of this, it was decided that the right to effective application in connection with the right to request the protection of personal data within the scope of the right to respect for private life was violated.
Authors: Burak Özdağıstanli, Bensu Özdemir, Ebru Gümüş