From a data privacy perspective, there are no specific rules or decisions given by the Turkish Data Protection Authority regarding whether employers can verify or record the vaccination data of employees. However, the Turkish Data Protection Authority did publish a guideline and a FAQ regarding how several data privacy matters should be handled during the pandemic. The authority emphasised that the general principles set forth within the Data Protection Law must be obeyed even during the pandemic.
According to Article 6 of the Turkish Data Protection Law, health-related data is one of the special categories of personal data that may not, in principle, be processed without the explicit consent of the data subject. As such, where employees willingly provide information on their status, then an employer may record this information, although an employer would be obliged to keep this information confidential and make it available to only relevant personnel (e.g. the company doctor).
Where consent has not been given for processing health-related data, such health data may only be processed by the persons subject to the secrecy obligation or by competent public institutions and organisations involved in the protection of public health; the operation of preventive medicine, medical diagnoses, treatments, and nursing services; the planning and management of health-care services; and their financing. Whether an employer’s processing of vaccination data would fall under this paragraph is currently unclear under Turkish data protection legislation.
From an employment law perspective, employers generally do not have a right to verify vaccination status. However, certain employers (e.g. those active in the medical sector) are entitled to verify this information since their employees would be considered at high risk of infection and the employer would be obliged to take the necessary health and safety precautions to avoid a workplace-wide infection.