The Personal Data Protection Authority (KVKK) has published a guide on the use of cookies on websites. The guide includes information on how websites can provide cookies and which data can be processed without violating the Personal Data Protection Law No. 6698.
In our country, there was no detailed regulation or guide about cookies on websites. The “Guide to Cookies Applications” prepared by KVKK consists of 60 pages and provides detailed explanations for many usage scenarios related to the processing of personal data. Cookies that are not used in the processing of personal data are outside the scope of the guide.
In cookies, where explicit consent is required for the processing of personal data, the user’s genuine consent is required. It is stated that the user’s access to the site does not mean that explicit consent has been given to cookies. In addition, the lighting should be made in a clear, simple and understandable way.
In the guide, cookies are divided into four categories according to their intended use: “Strictly Necessary Cookies (Mandatory Cookies)”, “Functional Cookies”, “Performance-Analytical Cookies” and “Advertising / Marketing Cookies”.
According to the KVKK, the points to be considered regarding the cookies used in the processing of personal data are as follows:
- It should be done in a clear, simple and understandable manner, including all elements of the illumination, and the presence of complex Privacy Notices on the website that provide information on many other issues cannot be interpreted as fulfilling the obligation to enlighten.
- In the event that personal data processing is based on the condition of explicit consent, the obligation to inform and obtaining explicit consent must be fulfilled separately.
- Regarding the processing of personal data through cookies; express consent within the scope of the conclusion or performance of a contract cannot be imposed on the person concerned as a precondition of the contract.
- In the processing of personal data obtained through obtaining explicit consent from the data subjects, a mechanism should be established that allows obtaining separate consent for each different purpose.
- During the acquisition of personal data -at the latest-, that is, at the moment of accessing the website, illumination must be made. Clarification should be done when the data is not yet being processed or at the latest when the data is being processed.
- In order for express consent to be obtained, an active action must have taken place, simply entering the website does not mean that express consent has been given to the cookies used by the site in question.
- In the decision, it is evaluated that for the processing of personal data through cookies, there may be a legal reason other than express consent.
- Home page
- Internet
- Cyber Security News
- Cookie guide from KVKK
41747
