top of page
Çıkın Gürvit Avukatlık & Hukuki Danışmanlık

Turkish DPA Clarifies Key Principles for the Use of CCTV Systems in Workplaces

  • 6 hours ago
  • 4 min read

On 8 June 2026, the Turkish Personal Data Protection Authority published a public announcement on the use of CCTV systems in workplaces. The announcement reminds employers that video recording in the workplace constitutes personal data processing and must comply with the general principles under the Turkish Personal Data Protection Law No. 6698.


The Authority does not prohibit the use of workplace cameras. However, any use of CCTV must be based on a specific, explicit and legitimate purpose, and must be limited and proportionate to that purpose. Employers should therefore treat CCTV systems not merely as technical security infrastructure, but as a compliance matter involving employee privacy and personal data protection.



Purpose Must Be Defined from the Outset


CCTV systems may be used in workplaces for purposes such as ensuring workplace security, preventing or detecting unlawful conduct, monitoring occupational health and safety measures, or preventing workplace accidents.


These purposes must be clearly defined from the outset, and the CCTV system must be used only within the limits of those purposes. Cameras installed for security or occupational health and safety purposes should not later be used to monitor employees’ general performance, productivity, attendance or workplace discipline.


CCTV systems should not become a tool for continuous employee surveillance, performance monitoring or disciplinary control. Monitoring whether employees are working efficiently, maintaining workplace discipline through cameras, or observing all working areas for general control purposes should not be treated as legitimate purposes for CCTV use.


This distinction is important. Workplace CCTV may be justified for certain security or occupational health and safety reasons, but its primary function should not be to continuously monitor employee behaviour.



CCTV Use Must Be Proportionate


The scope of the CCTV system must be limited to the purpose identified by the employer. Camera location, viewing angle, recording area, zoom function, monitoring frequency and retention period should all be determined by reference to that purpose.


Use of CCTV in entrances and exits, warehouses, cash-handling areas, locations involving security risks, or areas that need to be monitored for occupational health and safety reasons may be legitimate in certain circumstances. By contrast, wide-angle recordings covering the entire workplace, systems that enable individual tracking of employees, or continuous face-focused recording practices carry higher compliance risk.


Cameras should not be placed in areas where employees have a high expectation of privacy, such as toilets, changing rooms, prayer rooms, rest areas or similar spaces.



Audio Recording Requires Separate Assessment


CCTV systems with audio recording functions create a more intrusive interference with private life than video recording alone. Audio recording cannot therefore be justified simply because a camera system is already in place.


Employers should keep audio recording functions disabled by default and assess their use only where there is a clear, specific and lawful justification. A general security concern will not, on its own, justify continuous audio recording in the workplace.



Employees Must Be Clearly Informed


Employees must be clearly informed that CCTV recording takes place in the workplace. This information should not be limited to a simple notice stating that “this area is under camera surveillance”.


The privacy notice should clearly explain the purpose of CCTV use, the legal basis for processing, the persons or entities with whom the recordings may be shared, the retention period, who may access the recordings and the rights of employees as data subjects.


The information obligation should be fulfilled before CCTV recording begins and in a manner that is easily accessible to employees.



Access Rights and Retention Periods Must Be Limited


Only persons who need access to CCTV recordings due to their role should be able to access them. Access rights should be limited, and appropriate technical and organisational measures should be implemented to prevent unauthorised access or disclosure.


Recordings should not be retained longer than necessary. Employers should determine a reasonable retention period aligned with the purpose of CCTV use and delete, destroy or anonymise the recordings once that period expires.


Where an incident occurs, only the relevant recordings should be separated and retained for as long as necessary for the relevant legal process. Recordings unrelated to the incident should be deleted or otherwise destroyed at the end of the ordinary retention period.



Practical Impact for Companies


The announcement shows that workplace CCTV systems require more careful management. Companies should review their existing systems in particular from the following perspectives:

  • the purpose for which cameras are used;

  • whether the purpose of CCTV use has been documented;

  • whether camera angles and recording areas are limited to that purpose;

  • whether the system enables continuous monitoring of all working areas;

  • whether face-focused recording or zoom functions are used;

  • whether audio recording functions are available or enabled;

  • whether employee privacy notices are adequate;

  • who has access to CCTV recordings;

  • how long recordings are retained and how they are destroyed.


CCTV practices aimed at monitoring employees’ general performance, productivity, attendance or workplace discipline carry higher compliance risk. Even where a camera system was installed for a legitimate security or occupational health and safety purpose, unlawful processing may arise if the system is used in practice for a different purpose.


Companies should therefore assess their CCTV systems not only by reference to the existing technical setup, but also by considering the purpose of use, actual practice, access rights, retention periods and the impact on employee privacy.






Author

Avukat Ömer Faruk Çıkın

Ömer Faruk Çıkın


bottom of page