Assessment of Data Deletion During On-Site Inspections Considering Turkish Competition Board’s Recent Decisions
Introduction
Pursuant to Article 15 of Law No. 4054 on the Protection of Competition (“Law No. 4054”), the Competition Board (“Board”) is authorized to conduct on-site inspections at the premises of undertakings whenever it deems such inspections necessary for the performance of its duties. Within this scope, the Board may examine all types of information and documents kept by undertakings in physical and electronic form, including those stored within information systems.
The details regarding the exercise of these powers on digital devices are set out in the “Guidelines on the Examination of Digital Data During On-Site Inspections” (“Guidelines”). Under the Guidelines, on-site inspections may involve the examination of employees’ computers and mobile devices. In this respect, such inspections give rise to serious concerns for both undertakings and employees. These concerns become even more pronounced, particularly where employees are not provided with company-issued devices or where personal devices are used for business communications, as such devices may also fall within the scope of an on-site inspection.
Such apprehension surrounding on-site inspections may cause employees to panic and delete documents or, in particular private correspondence. However, under the Board’s settled decisional practice, data deletion during an on-site inspection is considered a conduct that hinders or complicates the inspection, regardless of the nature or content of the deleted data, the purpose of the deletion, or whether the deleted data is subsequently recovered. Accordingly, undertakings may face administrative monetary fines amounting to 0.5% of their annual turnover pursuant to Article 16 of Law No. 4054 solely due to data deletion.
Nevertheless, the Board rendered a couple of salient decisions recently where it has been observed that the Board took a relatively more detailed approach compared to their established strict practice. In this context, this article first sets out the Board’s established approach to data deletion during on-site inspections and subsequently examines the important nuances in some of its recent decisions.
Examples of the Board’s Settled Approach to On-Site Inspections
The Board historically adopts an extremely strict approach toward any conduct that may impede the effective conduct of on-site inspections or create difficulties for case handlers. The Board handles such cases with a high degree of sensitivity and sanctions them in most cases. In this framework, certain decisions in which the Board has characterized specific acts as infringements are presented below by way of example.
In the Balparmak Decision[1], the Board determined that employees had deleted certain e-mails after the commencement of the on-site inspection. Although some of the deleted data was later recovered and examined, the Board concluded that this did not eliminate the obstructive or hindering nature of such a conduct. The Board stated that adopting a contrary approach would result in rewarding undertakings in cases where data deletion could not be detected.
Similarly, in the Tahsildaroğlu Decision[2], it was established that employees had deleted data after the on-site inspection had started. Even though some of the deleted data was recovered, the Board assessed that the deletion had been carried out with the intent to conceal evidence and held that the recoverability of the data did not change the situation that the inspection was obstructed or hindered.
In both decisions, which were similar in nature, the Board imposed administrative monetary fines on the undertakings mentioned. These decisions clearly demonstrate the Board’s general approach and its settled practice regarding data deletion during on-site inspections.
The Samsung and Balsu Decisions
Contrary to the Board’s settled practice, a different approach was adopted in the Balsu Decision[3] and the Samsung Decision[4]. As noted above, the Board’s traditional approach considers data deletion to constitute obstructive conduct per se, regardless of intent or content. However, these two decisions depart from the relevant line of reasoning.
In the Balsu Decision, approximately 1,500 e-mails were deleted by employees of the undertaking after the commencement of the on-site inspection. The case handlers identified and recovered the deleted data, examined the e-mails, and found no evidence of any infringement.
The Board emphasized that data integrity had been preserved through the recovery of the deleted e-mails and that the on-site inspection had been completed without any loss of data. Furthermore, it was stated that the absence of any infringement-related findings in the recovered data meant that the deletion should not be considered as conduct hindering or complicating the inspection. For these reasons, no administrative monetary fine was imposed on Balsu.
A similar line of reasoning was adopted in the Samsung Decision. In this case, it was determined that certain messages in the internal messaging application “Knox Teams,” used by employees, had been deleted after the on-site inspection had commenced. The undertaking argued that the messages were automatically deleted when employees left chat groups and that the employees who left the groups were not aware of the on-site inspection. Importantly, it was understood that the deleted messages were accessible via the devices of other employees and were examined by the case handlers.
The Board assessed that the automatic deletion resulting from leaving the chat groups did not demonstrate an intent to delete data. Furthermore, when considered together with the accessibility and examinability of the messages and the absence of any infringement-related findings in the content, the Board concluded that the conduct could not be characterized as hindering or complicating the on-site inspection. Accordingly, and in line with the Balsu Decision, no administrative monetary fine was imposed.
In this respect, the Balsu and Samsung decisions demonstrate that, in certain exceptional circumstances, it has been seen that the Board might depart from its strict approach whereby data deletion in all cases is considered an infringement, and may instead take into account factors such as the preservation of data integrity, accessibility of the data, and the absence of infringement-related findings in the deleted content. In this sense, it can be said that the Board adopted a more ratiocinated approach in these decisions.
The Coca-Cola Decision
In the recent Coca-Cola Decision[5], the Board determined that WhatsApp messages had been deleted by employees after the commencement of the on-site inspection. It was further established that one employee deleted a message sent in a WhatsApp conversation with a contact saved as “P.G.” and immediately asked the counterparty, “Does it appear that you deleted this message as well?”, to which the counterparty replied, “Yes, it appears so,” thereby confirming the deletion.
Coca-Cola argued that the deleted WhatsApp groups consisted of private correspondence among family members and submitted sample messages from certain groups during the inspection. However, neither the employees nor the undertaking was able to ensure the recovery of all deleted data in a manner that would preserve data integrity.
Following the on-site inspection, Coca-Cola submitted a written defense to the Authority, arguing that WhatsApp and similar messaging applications were prohibited for business use under its information security policies and that internal audits had revealed no business-related WhatsApp correspondence on most devices. It maintained that the deleted messages were purely personal in nature, that the group names reflected this fact, and that “P.G.” was not a Coca-Cola employee. In addition, Coca-Cola submitted records relating to four WhatsApp groups and the correspondence with P.G., which it claimed had been recovered from archives using the “export chat” function on other participants’ devices.
While the Board accepted that the submitted correspondence gave the impression of relating to private life, it emphasized that these materials did not reveal the entirety of the deleted chats in a manner that preserved data integrity. It was noted that additional WhatsApp groups identified during the on-site inspection were not included in the documents later submitted by Coca-Cola.
Accordingly, the Board concluded that the undertaking had failed to submit the complete contents of the deleted data and had provided only partial samples relating to certain groups. Moreover, both during and after the inspection, it could not be determined whether the deleted data consisted solely of group chats or whether individual conversations had also been deleted. Therefore, it could not be conclusively established that the deleted data consisted exclusively of private correspondence.
On these grounds, the Board held that the data deletion had hindered or complicated the on-site inspection and imposed an administrative monetary fine on Coca-Cola.
Conclusion
The Board’s decisional practice regarding data deletion during on-site inspections reflects an evolving yet cautious approach. In the established case law, any data deletion carried out after the commencement of an inspection was regarded as inherently obstructive conduct, irrespective of intent, content, or recoverability. While the Balsu and Samsung decisions have shown for a moment that factors such as the preservation of data integrity, accessibility of the data, and the absence of infringement-related findings may be considered to a limited extent, the Coca-Cola Decision confirms that these examinations remain narrowly circumscribed.
Where deleted data cannot be fully recovered in a manner that preserves data integrity, or where it cannot be conclusively established that the deletion concerned exclusively private correspondence, the Board continues to adhere to its strict approach and imposes significant administrative monetary fines. Taken together, these decisions indicate that the Board shows litheness only in exceptional and clearly verifiable circumstances, and that undertakings and employees should act with the awareness that any data deletion during an on-site inspection carries a high level of sanction risk.
- The Board’s decision dated 02.03.2023, numbered 23-12/180-56.
- The Board’s decision dated 30.04.2025, numbered 25-17/409-190.
- The Board’s decision dated 17.08.2023, numbered 23-39/727-250.
- The Board’s decision dated 10.04.2025, numbered 25-14/330-157.
- The Board’s decision dated 20.11.2025, numbered 25-43/1058-605.
All rights of this article are reserved. This article may not be used, reproduced, copied, published, distributed, or otherwise disseminated without quotation or Erdem & Erdem Law Firm's written consent. Any content created without citing the resource or Erdem & Erdem Law Firm’s written consent is regularly tracked, and legal action will be taken in case of violation.