As known, all countries all over the world, including Türkiye, have taken various measures and precautions to protect against the disease caused by COVID-19 (Coronavirus) virus that has spread worldwide. At this point, besides traditional measures such as quarantine, social distancing and social isolation, it is also seen that technological facilities are being used.

Within this scope, in order to prevent the spread of coronavirus in various countries; personal data such as health, location and contact information of data subjects are being processed by methods like mobile applications for purposes of such as identifying the people who contacted with the carriers or those who are at risk of carrying the virus, implementation of treatment and quarantine by mapping the spread of the virus, control of those under quarantine, implementation of curfew, detection of crowded places.

In circumstances such as an epidemic disease, it is legally possible for the competent institutions and organizations to take measures in order to maintain public order and security. It is also indisputable that the security of personal data should be observed in such cases.

Within this framework, in order for processing of personal data such as tracking the location and mobility of the individuals to be lawful, these activities need to be carried out within the framework of the fundamental principles governing the data protection law and this issue should be addressed in terms of our law.

In the Regulation on Processing of Personal Data and Protection of Privacy in the Electronic Communication Sector, location data are defined as "Specific data processed in an electronic communications network or by means of electronic communication service, indicating the geographic position of the device of a user of a publicly available electronic communications service", and it is clear that the location data that make natural persons identifiable are deemed as personal data under Personal Data Protection Law No.6698 (Law No.6698).

In cases where location data need to be used by relating to a natural person;

The provisions of Law does not apply in cases where personal data are processed within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations duly authorised and assigned by law to maintain national defence, national security, public security and order or economic security, pursuant to subparagraph (ç) of Article 28(1) of Law No.6698.

From this viewpoint, in order to eliminate the threat in situations where public order and public security are threatened by, such as, an epidemic disease, data processing activities to be carried out by competent public institutions and organizations in order to ensure isolation of people who have been diagnosed with the disease, to identify crowded areas by processing location data of the general population and to develop measures in these areas, are evaluated under the subparagraph (ç) of Article 28(1) of the Law.

In this context, there is no obstacle to the processing of location data by the competent institutions and organizations which fall under the scope of the mentioned article, in order to prevent the spread of the disease caused by COVID-19 that threatens public security and public order.