TR-TR 
EN-US 
Turkish Data Protection Authority (“the Authority”) has published a new announcement on some crucial points that have to be taken into consideration regarding the data processing activities which take place during distance education practices. Accordingly, the Authority stated that personal data such as names, surnames of the students, and some data that can be evaluated as special categories of personal data within the scope of biometric data such as voices and images are being processed via distance education platforms. The Authority highlighted that personal data should be processed in accordance with the conditions set out in the Article 5 of the Law on the Protection of Personal Data No. 6698 (“Law No. 6698”), which regulates the conditions of processing personal data; and in the Article 6, which regulates the conditions of processing special categories of personal data, including biometric data.
In addition, the Authority stated that most of the software used for distance education services are provided through cloud service providers that use the data centers located abroad. Therefore, such processing activities which take place via the platforms which have data centers abroad shall be regarded as an international data transfer as regulated in the Article 9 of the Law No. 6698 and transfers that do not comply with the requirements of international transfer may violate the Law No. 6698 and cause data breaches.
