Court of Cassation Ruling on the Legality of Audio-Enabled Surveillance Camera Recordings in the Workplace

31.03.2025 Gülnur Çakmak Ergene

Introduction

In contemporary workplaces, employers frequently implement surveillance systems for reasons such as ensuring occupational health and safety, maintaining workplace order, operating internal control mechanisms, and preventing potential misconduct. However, such monitoring practices often raise significant legal concerns in terms of fundamental rights and freedoms of employees, particularly privacy and the protection of personal data. The balance that must be struck between the employer’s supervisory authority and the employee’s right to privacy must be carefully evaluated under both labor law and data protection law.

Judicial decisions and scholarly commentary on employee surveillance via cameras have largely converged on the principles of proportionality, transparency, and necessity. Within these bounds, employers are generally permitted to use video surveillance for purposes of safety and oversight. However, practices that go beyond visual surveillance and involve the recording of audio are far more intrusive and, accordingly, more controversial from both labor law and personal data protection perspectives. Recently, the use of audio-enabled security cameras in the workplace has become the subject of scrutiny in the decisions of both the Turkish Court of Cassation and the Personal Data Protection Board (“the Board”).

This study analyzes the legal reasoning adopted by the 9th Civil Chamber of the Turkish Court of Cassation in its decision dated 01.06.2020 and numbered E. 2020/1482, K. 2020/5244, in which it assessed the admissibility of an audio recording made by the employer without the employee’s knowledge as evidence in a dispute concerning severance and notice pay.

Factual Background

The case concerned an employee working as a store attendant and driver at a gas station who claimed severance and notice compensation following the termination of their employment. The employer asserted that the termination was justified on the grounds that the employee had made insulting remarks about company officials. In support of this allegation, the employer submitted an audio recording obtained via a security camera installed in the store.

The trial court’s initial judgment was overturned by the Court of Cassation on the grounds of insufficient examination. Upon retrial, the court reviewed the transcript of the audio recording and found that the employee had used phrases such as “they are a gang” and “not worthy of their position” when referring to company executives. Based on this evidence, the court ruled that the termination was justified and dismissed the employee’s claims. The decision was subsequently appealed again and brought before the Court of Cassation.

Assessment by the Court of Cassation

In reviewing the employer’s justification for dismissal and the evidentiary value of the audio recording, the Court of Cassation focused primarily on the manner in which the recording was obtained. The Court observed that there was no evidence in the case file indicating that the employee had been informed about the recording of audio in the workplace or had given explicit consent thereto. Moreover, the employer failed to demonstrate a legitimate interest that would necessitate the use of audio surveillance.

On these grounds, the Court concluded that the recording in question had been obtained unlawfully and therefore could not be admitted as evidence. Consequently, the employer was deemed to have failed to prove the grounds for immediate termination under Article 25/II-d of the Labor Law. The Court thus rejected the employer’s claim of justified termination and held that the employee was entitled to severance and notice pay. The lower court’s judgment, which had been based on unlawfully obtained evidence, was overturned.

Evaluation from a Data Protection Law Perspective

The Court’s assessment of the audio recording is significant not only from the standpoint of procedural law but also in the broader context of data protection. Surveillance activities in the workplace—particularly those involving audio recording, which directly intrude upon private life—must be evaluated in conjunction with the provisions of the Constitution and the Law on the Protection of Personal Data No. 6698 (“LPPD”).

The employer’s act of recording audio in the workplace without the employee’s knowledge constitutes a heightened level of intrusion upon the constitutional rights to privacy and freedom of communication as enshrined in Article 20 of the Constitution. In this regard, audio surveillance represents one of the most invasive monitoring tools that can be employed by an employer within the scope of supervisory authority.

Indeed, the Board has explicitly addressed this issue in its decision dated 12.03.2020 and numbered 2020/212, stating that audio recordings, when combined with video surveillance, are substantially more invasive than visual recordings alone. The decision emphasized that “recording both audio and video may create a sense among individuals of being under constant surveillance... and such a practice may compromise the essence of the right.” The Board also warned that the proliferation of such practices could create a de facto exemption from data protection rights, thereby undermining the very essence of the right itself.

These observations underscore the fact that audio surveillance is not merely a tool of oversight but also a practice with a substantial potential to violate fundamental rights. Accordingly, the employer’s use of such methods must be subject to the strict limits of data protection law.

As affirmed in both Constitutional Court and Board decisions, any use of surveillance by an employer must be based on clear, specific, and legitimate purposes. Additionally, employers must explicitly and in advance inform employees about the scope, duration, technical features, and intended use of the surveillance. This obligation is not a mere formality; it is a fundamental requirement of the principle of transparency in personal data processing.

Furthermore, the processing of personal data must comply with one of the legal bases enumerated under Articles 5 and 6 of the LPPD. In the absence of any applicable justification other than explicit consent, the employer must obtain the employee’s informed and voluntary consent. Judicial and Board precedents have repeatedly confirmed that data processing activities not grounded in a valid legal basis must be deemed unlawful.

In the case at hand, the employer failed to meet any of the aforementioned criteria. The audio recording was obtained in a manner that violated both the foundational principles of data protection law and the permissible limits of the employer’s supervisory authority. As made clear by the Court of Cassation’s ruling, the employer’s reliance on general claims such as workplace safety, internal oversight, or occupational health and safety is not sufficient to justify the use of audio-enabled surveillance systems. In this sense, the decision is significant in that it establishes—at the level of judicial precedent—that such generalized justifications cannot legitimize practices involving audio surveillance, which constitute a highly intrusive form of monitoring. Unless specific and extraordinary circumstances warrant the use of such methods, any data processing of this nature will be considered unlawful.

Ultimately, the Court of Cassation found that the employer’s use of audio surveillance was neither necessary nor legally justifiable and ruled that such a practice—violating employee privacy—could not be afforded legal protection.

Conclusion

While an employer’s authority to monitor the workplace may be grounded in legitimate aims, such as occupational health and safety or operational efficiency, the boundaries of this authority are clearly delineated by the Constitution, the LPPD, and relevant judicial precedents. In particular, practices involving highly intrusive measures such as audio recording require strict adherence to fundamental data processing conditions, including the duty to inform, the presence of a lawful basis, and the principle of proportionality.

Both case law and decisions of the Personal Data Protection Authority affirm that before implementing audio surveillance measures, employers must conduct an objective assessment of the necessity and proportionality of such practices and must provide clear and comprehensible information to employees in all cases. General purposes such as workplace safety, internal oversight, or occupational health and safety are not sufficient to justify the use of audio-enabled surveillance systems. Failure to comply with these requirements not only results in the violation of the right to personal data protection but also renders any evidence obtained through such means inadmissible under the law.
