Violation Of The Right To Respect For Private Life Due To The Refusal Of The Request To Provide Information About The Phone Line Used
Events
The applicant requested from the communication company the internet data, log records, IMEI information of his phone, and the dates when he used Hot Spot (open Wi-Fi point) for the years 2014-2015 for the phone line he used; he also requested the sharing of the IP numbers that he shared with other subscribers when he used the internet on his mobile phone, the phone numbers of other subscribers in these shared uses, and the data information regarding the log records on the dates when they received the same, common, single IP numbers to the applicant’s phone number. The communication company rejected the applicant’s request on the grounds that this information was kept in their records for five years and that they would only share this information/data if the court so requested. Thereupon, the applicant filed a lawsuit before the consumer court, which dismissed the case after an examination. The applicant’s appeal was also rejected by the regional administrative court.
Allegations
The applicant claimed that his right to request protection of personal data within the scope of the right to respect for private life and the right to effective remedy in connection with the right to request protection of personal data were violated due to the rejection of his request to provide information about the telephone line he used.
The Court’s Assessment
The positive obligations imposed on the state within the framework of the right to request the protection of personal data impose an obligation on the state to create legislation and, in particular, to sanction violations of the safeguards in order to ensure the effective enjoyment of the guarantees granted to individuals within the scope of this right. In addition, pursuant to the last sentence of the third paragraph of Article 20 of the Constitution, “The principles and procedures regarding the protection of personal data shall be regulated by law.”, the framework of the requirements of the obligation to establish legislation must be determined by law.
In this framework, considering that there is no obstacle to the application of the guarantees regarding the right to request the protection of personal data guaranteed in Article 20 of the Constitution and the Law No. 6698 on the Protection of Personal Data and the existing regulations in our legal system in the dispute subject to the application, it can be said that the positive obligations in the context of creating a legal infrastructure have been fulfilled. However, the theoretical existence of a remedy is not sufficient to state that positive obligations have been fulfilled, and this remedy must also be operated effectively.
In the concrete case, it has been observed that the courts, with a very narrow interpretation, found the requests in question to be related to material data rather than a right or legal relationship and rejected the case by not entering into the merits of the case due to the lack of an interest requirement due to the lack of a current interest before the consumer court. It is clear that this interpretation prevented the applicant from accessing his personal data. As a matter of fact, the applicant filed this lawsuit because his request for access to this data was denied. The right to be informed about and to access personal data concerning oneself are guarantees explicitly provided for in the third paragraph of Article 20 of the Constitution. The principle of transparency of personal data also requires these guarantees to be provided.
As a requirement of the principle of subsidiarity in the context of individual application, the judge must resolve the disputes before him/her by taking into account the guarantees for fundamental rights and freedoms in the Constitution. This is because, according to Article 11 of the Constitution, the provisions of the Constitution are the fundamental rules of law that bind the legislative, executive and judicial organs, administrative authorities, other institutions and persons. Article 138 of the Constitution also stipulates that judges shall judge according to their conscientious convictions in accordance with the Constitution, the law and the law. Therefore, the judge must interpret the provisions of the law and other secondary regulations to be applied to the dispute in the light of the principles and guarantees contained in the Constitution.
In the concrete application, where the merits of the case were not examined as a result of the trial, no reason was shown that restricted or prevented the applicant from accessing his personal data in accordance with the requirements of the right to request the protection of personal data regulated in Article 20 of the Constitution, nor was there any relevant and sufficient justification that could justify such an intervention. As a matter of fact, the courts did not discuss and clarify the obligations of the respondent company in terms of providing access to these data within the framework of both the provisions of the law on the protection of personal data and the relevant legislation.
As a result, in the present application, the failure to examine the merits of the applicant’s lawsuit, which could have enabled him to benefit from these constitutional guarantees, has rendered a theoretically available remedy ineffective. In other words, a remedy that could be considered effective at the theoretical level has lost its capacity to offer a chance of success in the concrete case due to the interpretation of the courts in question.
For the reasons explained, the Constitutional Court ruled that the right to effective remedy in connection with the right to request protection of personal data within the scope of the right to respect for private life was violated.
