31.03.2026 13:55
The KVKK has made a principle decision stating that debt notices belonging to apartment and site residents cannot be posted in common areas. The decision also stated that if the matters specified in the principle decision are not adhered to, penal action will be taken.
The Personal Data Protection Authority (KVKK) has made a principle decision stating that announcements regarding debts such as dues, advances, and fixed asset expenses of apartment or site residents cannot be posted in common areas such as elevators, building entrances, and building corridors.
POSTING DEBT LISTS IN APARTMENTS IS AGAINST PERSONAL DATA
The decision published in the Official Gazette stated that it was necessary to make a principle decision due to various personal data processing activities carried out in the management processes of apartments and sites.
In this context, it was expressed that lists or documents containing personal data such as names, surnames, apartment numbers, amounts of debt, payment delay periods, number of payment delay periods, ownership and rental information of the apartment residents were posted in places such as elevators, building entrances, and building corridors for the purpose of announcing the dues, advances, fixed asset expenses, and similar debts of apartment residents and informing other apartment residents.
The decision pointed out that individuals who do not reside in collective structures, cargo personnel, couriers, and individuals who are not recognized by apartment residents can frequently be found in these areas, emphasizing that the announcements, documents, and lists posted there could also be seen by these individuals.
SUCH LISTS WILL BE REMOVED FROM COMMON AREAS
The decision stated that posting lists containing personal data in common areas of collective structures, which are disclosed to an unspecified group, constitutes a violation of the obligation to take necessary technical and administrative measures for ensuring data security as regulated in Article 12 of the Law No. 6698 on the Protection of Personal Data, and it was recorded:
"It has been concluded that methods and procedures should be used that do not allow access to third parties, such as closed email or messaging groups or applications dedicated to this service, to ensure that the relevant notifications are carried out in accordance with Article 12 of the Law. It has been concluded that immediate cessation of such practices and the urgent removal of such announcements, lists, or documents from the common areas of collective structures is necessary, and that another method or procedure that is in accordance with Article 12 of the Law and can only be accessed by the relevant parties should be applied for notifications and information to be made to property owners regarding these issues."
PENALTIES FOR NON-COMPLIANCE WITH THE PRINCIPLE
The decision stated that penal actions specified in Article 18 of the Law would be applied to data controllers found not to act in accordance with the matters specified in the principle decision.