Personal Data Protectıon Board’s Decision Dated 30.09.2021 on “Usıng the Image of the Data Subject in the Content of a News Sıte Wıthout Their Explıcıt Consent”

açık rıza ve basın özgürlüğü

23 Feb Personal Data Protectıon Board’s Decision Dated 30.09.2021 on “Usıng the Image of the Data Subject in the Content of a News Sıte Wıthout Their Explıcıt Consent”

Posted at 09:21h in KVKK, Our Current Publıcatıons by

Today, with the increase in online content production, the means for people to express themselves and to reach information have increased considerably. That being said, the personal rights protected by the Personal Data Protection Law (“Law”) are one of the limitations imposed on these freedoms. With its decision dated 30.09.2021 and numbered 2021/989, the Personal Data Protection Authority (“Auhtority”) evaluated the conditions under which this limitation can be imposed.You can find the relevant decision of the Board regarding the situation of the express consent obligation against the freedom of the press, here.

In the complaint submitted to the Board it was stated that ; photograph of the data subject was used without their explicit consent within the content of the news site of a data controller, and the data subject suffered harm as a result of false news content.

News Report Defense Against Violation of Explicit Consent

Initiating an investigation upon the complaint, the Authority requested the news site's defense. In this context in its defense, the data controller stated that the website is a social media platform that allows its users/members to create and share such contents, and a hosting provider in accordance with the relevant legislation; in which the contents can be created by the editors, who are employees of the data controller, as well as anyone who wants to create content and publish it on the site as a member.

Depending on these arguments, the data controller claimed that; (i) as a hosting provider, it cannot be held responsible for any illegality caused by the content in accordance with the relevant legislation, (ii) the content published on the site is newsworthy, (iii) thus it is published within the scope of freedom of expression, and (iv) for this reason, the concerned data processing activity is covered under “exemptions outside the scope of the Law” regulated in paragraph (1) of Article 28 of the Law.

Evaluation of Freedom of Press Within the Scope of the Law

Evaluating this information, the Board has determined that; the content on the site can be created by the editors of the data controller as well as by the members, and the content on this event was produced by the employee of the data controller, therefore it has the title of data controller within the scope of the Law, hence publishing the concerned photo within the content is a personal data processing activity.

In this context, the Board primarily states that it should be evaluated whether the subject of application is outside the scope of the Law. It explained that, within this framework, when personal rights come across with freedom of information (which reflects freedom of expression); it should be determined which right should be given priority via examining in light of the following criteria;

  • public interest and benefit,
  • being true and current, and
  • balance between its essence and form.

.

In the light of the above criteria, the Board decided that; the content of the news did not bear the quality of public interest and benefit, the information contained in the news was not true and therefore violated personal rights. Considering the issues, it has been evaluated that the processing of the concerned content cannot be deemed within the scope of freedom of expression under the exemption regulated in subparagraph (c) of paragraph (1) of Article 28 of the Law.

With this decision, even though it is not such an in-depth evaluation, the Authority shed light on how freedom of press, which is one of the "exceptions outside the scope of the Law" listed in paragraph (1) of Article 28 of the Law, should be applied in practical cases within the scope of the law on the protection of personal data, and provided a guide.

Conclusion

In light of this evaluations, the Board ruled that;

  • data processing activity is carried out without providing the necessary conditions,
  • it is not possible to benefit from the exemption provision within the scope of subparagraph (c) of paragraph 1 of Article 28 of the Law,
  • the data controller has not fulfilled its obligations listed in the provision of the Law titled "Obligations Concerning Data Security" considering the data controller published a false article, and
  • an administrative fine shall be imposed on the data controller.

.

With this decision, the Board clarified that not all content that is news is directly under the same exemption and that there are limits to the freedom of information in accordance with the Law. In particular, newsworthy content that should be evaluated in the light of the criteria mentioned in the decision may be subject to a complaint to the Board if it violates the personal rights of the data subject. With an effective application to be made with an expert lawyer, it is possible to remove the content that violates the personal rights of the person concerned by the decision of the Board.

You can reach our İzmir Personal Data Lawyers to get expert legal support on the protection of your personal data or your company's personal data law compliance.

Tags
, , , , , , ,


en_US
en_US tr_TR
× Ask A Lawyer