A
lmost all websites we visit display a notification and consent button for their cookie policy. The publication of a cookie policy on websites and the request for user consent regarding cookie usage are driven by legal obligations. Before looking at the legal basis and cookie policy, let’s briefly summarize what a cookie is.
Cookie files are text files that store your search and usage habits, membership information, or advertising preferences on the websites you visit. Especially on membership-required websites and e-commerce websites, cookie files are frequently used. Cookie files do not provide server access to your computer. Storing the usage habits of visitors is made possible through cookie files, which provide users with a more functional website experience. In e-commerce websites, functionalities such as remembering the products you add to your shopping cart or your membership information are facilitated by cookie files.
In Turkey, The Personal Data Protection Law No. 6698 does not contain explicit regulations regarding cookie usage. However, the General Data Protection Regulation (GDPR), which is a series of data protection laws developed to protect European Union citizens, includes explicit regulations on cookie files. This regulation has established a much wider scope of protection compared to the Data Protection Directive 95/46/EC previously applied in the European Union. It has imposed stricter rules on personal data processing, and significantly higher fines have been set for violations.
In addition to websites serving the European Union, considering that every website has the possibility to reach European Union citizens and the compliance process with European Union laws in our country, it should be noted that publishing a cookie policy and obtaining consent from visitors is also a requirement in our country. Although there are no explicit regulations, indirectly, the Personal Data Protection Law No. 6698 makes obtaining explicit consent from data subjects mandatory in every application that accesses personal data.
According to the General Data Protection Regulation (GDPR), on websites where cookies are used, the cookie policy must be shared with visitors, and explicit consent regarding cookie usage must be obtained from visitors. The cookie policy should contain clear information about the types of cookies used on the website, the duration for which user data is stored, the purposes for which data is tracked, whether data is shared, and how users can refuse or delete cookie files. Failure to provide this information and obtain consent for cookie files from users will result in legal responsibility for the content and location providers of websites.
