Cookies and Cookies Policy :

On all websites we visit, we are confronted with the notification and approval button regarding the cookie policy. The approval of users who visit the website is a legal obligation. During these periods when the importance of personal data protection was emphasized, we became very aware of the cookie policy.

A cookie is a text file that stores your search and usage habits, membership information or advertising preferences on the website you visit. Records what people search on the website in their browser history. A cookie is a type of identification file that is left on the computer by any Internet site or remote computer. When you re-enter cookies on the same site, they will return cookies to that site. The site can then provide customized information to suit your needs. Cookie files, which are frequently used on websites that require membership, and e-commerce sites, do not give server access to your computer. Storing visitors' usage habits allows users to use a more functional website. E-commerce sites that you put in your shopping cart products or membership information to remember the functionality is provided through cookie files.

Cookies Type :

Cookies in commercial life

  • Obligatory cookies
  • Performance cookies
  • Targeting cookies
  • The functionality is divided into cookies

Obligatory cookies are essential cookies that allow you to use and navigate website features, such as accessing secure parts of the website.

Performance cookies collect information about how users use a website, such as which pages visitors visit the most or receive error messages from web pages.

Functionality cookies allow you to remember preferences that you have made (such as user name, language, or region) by the website and thus provide advanced features. The information collected by these cookies is generally anonymous. The information collected by these cookies may contain confidential data that may identify us, such as our user name, profile picture. For this reason, those who have obtained this information should tell in a transparent way what data they collect and what they do with it. This information is called personal data and is protected under the law on the proctection of personel data No. 6698. Pursuant to Article 8 of this Law, ‘personal data cannot be transferred without the express consent of the person concerned.’ [1]

Legal Basis :

The Law No. 6698 the Law On The Proctection Of Personel Data does not include a clear regulation on the use of cookies. However, GDPR (General Data Protection Regulation), a set of data protection laws developed to protect citizens of the European Union, contains clear regulations on cookie files. GPDR requires cookie policy to be shared with visitors and explicit consent to use cookies on websites that use cookies. The “cookie provision inin of the E-Privacy Directive includes the following statement. “[…] The storage of information or access to information already stored on a subscriber or user's terminal device is permitted, in addition to others, with the consent of the subscriber or user expressly and comprehensively informed about the purposes of processing, in accordance with [GDPR]. ” [2] The E-Privacy Directive clarifies that access to website content is provided on the condition that cookies are accepted with detailed information ”and the use of similar tracking technologies. [3] As a result, digital services, such as websites or applications, are required to request that users consent to the collection of cookies and personal information before providing a service.

In general terms, according to the EU General Data Protection Regulation, cookie policy should be shared with visitors and explicit consent must be obtained from visitors on cookie websites.

  • what kind of cookies are used on the website,
  • how long the user data is stored,
  • which data is monitored for what purpose,
  • the cookie policy should contain clear information about whether data is shared and how users will reject or delete cookie files.

Conclusion and Our Opinion:

With the entry into force of the Law on Protection of Personal Data, companies revised their cookie policies and started to make regulations in particular. They should pay attention to transparency in these policies and provide the necessary information about cookies. Although there is no clear provision regarding cookies in the KVKK (Protection of Personal Data Law), it is obligatory to obtain explicit consent from the personal data owners according to article 8 of the KVKK No. 6698 in each application where the personal data of the individual is reached. In the event that information is not provided in accordance with this provision and in accordance with the provisions of GDPR and users are not approved for cookie files, the content and location providers of the websites shall have legal responsibility.

[1] The law on the proctection of personel data article 8

[2] The ePrivacy Directive is based on the definition of consent contained in Article 94 (2) of the Data Protection Directive. GDPR stipulates that all references to the Data Protection Directive will be referans interpreted as reference for [GDPR].. As a result, the consent requirement contained in the ePrivacy Directive will also apply to the GDPR.

[3] Consideration 25 ePD




İlayda OCAK