Individual Application

The Facts

An investigation was initiated against the applicant following the coup attempt of 15 July for his alleged membership of the Fetullahist Terrorist Organisation/Parallel State Structure (“the FETÖ/PDY”). The incumbent chief public prosecutor’s office indicted him before the assize court (“the court”). The indictment issued with respect to him referred to the finding that the applicant was the user of the ByLock application, the communication means of the said organisation. At the end of the criminal proceedings, the court sentenced him to 7 years and 6 months’ imprisonment for his membership of the said terrorist organisation, taking into consideration his being a user of the ByLock. The applicant’s appeal on points of fact and law (“istinaf başvurusu”) was dismissed by the Regional Court of Appeal. At the end of the appeal proceedings before it, the Court of Cassation upheld the applicant’s conviction.

The Applicant’s Allegations

The applicant maintained that his right to the protection of personal data and freedom of communication had been violated due to the unlawful acquisition of his ByLock communication and personal data.

The Court’s Assessment

The underlying aim of the impugned interference with the applicant’s right to the protection of personal data and freedom of communication is to uncover the FETÖ/PDY terrorist organisation and its activities, thereby to prevent the commission of offence. It is evident that the acquisition and analysis of the data available on the ByLock communication programme, the submission of such data to the investigation authorities, as well as the acquisition of the applicant’s communication records and the identification of the base station providing service to ascertain whether the applicant had been a user of this application are the appropriate means to achieve the aim pursued.

In the second place, it was examined whether the impugned interference met a pressing social need and, in this sense, whether the acquisition of the applicant’s ByLock data, communication records and the base station information were a measure used as a last resort. 

The FETÖ/PDY, with its peculiar structure and its functioning based on confidentiality, is one of the most organised and dangerous terrorist organisations, which carry out activities in several countries. Therefore, the use of clandestine intelligence methods so as to ensure the uncovering of the organisational activities and identification of its members is inevitable. No democratic state may remain inactive in case of any threat to its existence. As a matter of fact, the data obtained from the ByLock server has played a significant role in the disclosure of the activities performed by the organisation as well as identification of its members. In this sense, several high-level members of the FETÖ/PDY were identified through the analysis of the ByLock data. 

In this respect, the acquisition of the data available on the ByLock server through intelligence methods and the submission of these data to the judicial authorities satisfy the condition of being compatible with the requirements of a democratic society. Besides, the data obtained from the ByLock server has not produced an automatic consequence with respect to the applicant. The impugned interference resulting from the acquisition of the applicant’s communication data on the ByLock application was made pursuant to Articles 134 and 135 of the Code of Criminal Procedures and on the basis of a judge’s decision. It has been accordingly concluded that the interference was necessary in a democratic society and proportionate to the aims sought to be attained.

In the third place, it must be ascertained whether the special safeguards inherent in the right to the protection of personal data have been afforded to the applicant. However, it must be primarily discussed whether in the present case, there was any situation necessitating an exception to the special safeguards that have come into play in case of any restriction on, and interference with, the right to the protection of personal data.

As required by the criteria set forth in Article 13 of the Constitution as well as by Article 14, which provides “None of the rights and freedoms embodied in the Constitution shall be exercised in the form of activities aiming to violate the indivisible integrity of the State with its territory and nation, and to endanger the existence of the democratic and secular order of the Republic based on human rights”, an exception may be introduced to the special safeguards inherent in the right to the protection of personal data for the purposes of maintaining the order of democratic state and the national security, as well as of fighting against terrorism. It is also acknowledged in the international legal instruments that special safeguards of the right to the protection of personal data may be subject to an exemption with a view to maintaining national security and fighting against terrorism.

In the present case, it is evident that the interference with the applicant’s right to the protection of personal data and freedom of communication is closely associated with the purposes of maintaining national security and preventing the commission of any offence. The public authorities considered that it would be insufficient to merely conduct a judicial investigation with a view to uncovering the organisational activities, identifying members of the organisation and preventing the risks caused by the organisation to the public order and national security. Therefore, certain clandestine intelligence methods, which are not indeed a means applicable to every criminal investigation, were applied in the applicant’s case. In the use of such methods, the severity of the threat caused by the said organisation to the sovereignty of the Turkish Republic, which was manifested on 15 July 2016, had an unequivocal effect. Therefore, it is undoubted that the interference in the present case was of the nature that necessitated an exception to the special safeguards inherent in the right to the protection of personal data. 

However, the existence of an exception does not necessarily entail the setting aside of all special safeguards. In consideration of the particular circumstances of the present case, it has been concluded that the safeguards of (1) being restricted, (2) not being stored for a long period of time, (3) not bearing an automatic consequence in terms of the data subject and (4) being subject to an effective judicial review must be afforded.

There is no information to the effect that the acquisition of ByLock data by use of intelligence methods went beyond the aim of uncovering the activities, and identifying the members, of the said organisation. Nor did the applicant raise a complaint that the obtained data had been misused. The data obtained from the ByLock application were used merely in the criminal proceedings conducted into the applicant’s alleged membership of the FETÖ/PDY.

It is envisaged that the data proving that the applicant was a user of the ByLock and the information supplied by the Information and Communication Technologies Authority be stored throughout the criminal proceedings. Indeed, the applicant did not complain of the period during which the relevant data would be stored. Accordingly, it has been considered that the storage period was not excessive.

The data obtained through the ByLock server did not automatically yield a consequence with respect to the applicant and were dealt with during an investigation upon being assessed and analysed primarily by the law enforcement units and then by the judicial authorities. Finally, the applicant had the opportunity to raise his challenges before the inferior courts, which conducted a comprehensive examination as to these challenges. The applicant did not raise any complaint with respect to the special safeguards inherent in the right to the protection of personal data. Nor was any deficiency found in this respect. The Court has also considered that the applicant was afforded the relevant judicial safeguards. 

Consequently, the Court has found no violation of the right to the protection of personal data and the freedom of communication.