New Ways of Working in Turkey

1. Has the government introduced any laws and/orissued guidelines around remote-workingarrangements? If so, what categories of worker do thelaws and/or guidelines apply to – do they extend to “gig”workers and other independent contractors?

Article 14 of the Turkish Labour Act (TLA) defines remoteworking as a contractual employment relationship in whichemployees carry out their duties from home or other locationsoutside the workplace, sometimes through digital platforms.Based on the TLA, the Ministry of Labour and Social Securityrecently prepared a Regulation on Remote Working(Regulation), which came into force on 10 March 2021.

The Regulation covers all employees who work remotely underarticle 14 of the TLA. In this regard, the said rules shall apply toall categories of employees defined under the TLA, includingbut not limited to fixed-term workers, temporary workers, part-time workers and full-time workers. On the other hand,independent contractors would not qualify as workers underthe TLA, as they would not be working in a way that isdependent on a specific employer.

In addition, the Ministry of Labour and Social Security haspublished the ”Guideline on Remote Working During covid-19”(the Guideline), to increase awareness and share with allemployers and employees any information and advice aboutpotential scenarios, problems and economic risks, especiallyunder occupational health and safety. Since all informationincluded in the Guideline qualifies as a recommendation, it mayapply to anyone working remotely, even after covid-19.

2. Outline the key data protection risks associated withremote working in your jurisdiction.

The key data protection risks associated with remote workingare data security and the processing of additional personaldata while working remotely.

Under article 12 of the Personal Data Protection Lawnumbered 6698 (the DPL), data controllers must take alladministrative and technical measures necessary to preventunlawful processing of personal data, to prevent unlawfulaccess to personal data and to ensure the security of personaldata.

The Regulation also stipulates that the employer must informremote workers about workplace rules and applicablelegislation concerning the protection and transfer of datarelated to the workplace and their assignments (which mayinclude personal data). The Regulation also emphasises thatemployers must take all necessary measures for the security ofdata. Per the Regulation, in the remote-working agreement, theemployer must determine the definition and scope of data thatneeds to be protected.

There is no guidance from the Turkish Data ProtectionAuthority (DPA) concerning measures to be taken specificallyfor remote working. Its general Guideline for Personal DataSecurity (Data Security Guideline) and the principal decision ofthe Turkish Data Protection Board concerning measuresrequired to be taken by data controllers for processingsensitive personal data (Board Resolution for Sensitive PersonalData Security) should be considered by employers. Themeasures listed in the Data Security Guideline and the BoardResolution for Sensitive Personal Data Security are notexhaustive. Employers must consider all necessary measuresfor cyber security. International guidelines and IT sectordevelopments should also be considered.

Employers who have failed to take appropriate measures toprotect the unlawful processing of or access to personal datamay be required to pay an administrative fine amounting tobetween 29,500 Turkish lira and 1,966,857[1] Turkish lira.Furthermore, additional technical measures taken for remote-working opportunities must also be communicated to the DataControllers’ Registry if the employer is required to register data-processing activities (eg, employers located in Turkey that havemore than 50 employees or have a balance sheet of more than25 million lira fall under this obligation). Otherwise, although itmay not be an imminent risk, an administrative sanctionamounting to between 39,334 lira and 1,966,857 lira may beapplied against the employer.

Lastly, if having remote-working employees requires anemployer to process additional employee data, then theemployer must inform their employees accordingly byproviding an appropriate privacy notice under the DPL.Otherwise, they may be fined between 9,832 lira and 196,686lira. The employer should determine what legal ground shouldbe applied to the data processing due to remote working. If theapplicable legal ground is consent but consent is not obtainedlawfully from employees, then the employer may face anadministrative fine of between 29,500 lira and 1,966,857 lira forunlawful processing.

[1] All administrative fine amounts mentioned in thisquestionnaire will be updated for each year based on a re-evaluation determined annually.

3. What are the limits on employer monitoring of workeractivity in the context of a remote-working arrangementand what other factors should employers bear in mindwhen monitoring worker activity remotely?

One way to monitor employee activity in the context of remoteworking could be to control employees’ use of servers, e-mailaccounts and internet while using the employer’s equipment. InTurkey, it is generally accepted that employers are authorisedto control employees’ use of servers, e-mail accounts andinternet from their equipment within the scope of their right tomanage, and there are no particular rules or exceptions as toremote working.

However, even though employers are entitled to such control,monitoring should be proportional to the legitimate purposesof the employer, such as controlling productivity and quality, orproviding security. Employers should inform their employeesabout monitoring on the equipment and servers as well as thereasons for it. Furthermore, employers must provide necessaryinformation about the scope of their monitoring activities toemployees under the DPL. Otherwise, there is a risk of anadministrative fine.

Employers should also bear in mind that, during suchmonitoring, they must avoid violating privacy rights. TheConstitutional Court recently held that if employees areinformed that their e-mails are monitored, the secrecy ofprivate life and freedom of communication must not beviolated. The Constitutional Court also stated that theconflicting interests of the employer and employees shouldbe balanced fairly and any intervention by monitoring e-mailaccounts should be evaluated on the grounds ofproportionality and the legitimate purposes of theemployer.

From a data privacy perspective, employers firstly shoulddetermine what personal data needs to be processed to ifemployers have a legitimate interest to monitor employees’activities, whether the processing of such data maypotentially harm employees considering their rights, andwhether employers have any options other than processingsuch personal data when trying to achieve this legitimateinterest. Employers must apply a balance test to determinewhether its legitimate interest overrides the personal rightsand interests of their employees. Otherwise, employerscannot depend on legitimate interest as a legal ground forprocessing and will need the explicit consent of theiremployees to apply the relevant monitoring tool. In anycase, if any monitoring requires the processing of sensitivepersonal data, consent will be required as per the DPL.Even if consent is given to employers, this does not meanthat they can use monitoring tools to process any personaldata that is not required to achieve the legitimate purposesof the monitoring. Any processing in contravention of theDPL (including the general principles applicable to dataprocessing) may impose a risk of an administrative fine.

In light of the above, each monitoring tool considered byemployers must be evaluated on a case-by-case basis fordetermining which legal ground is applicable and to whatextent.

4. Are employers required to provide work equipment(for example, computers and other digital devices) orto pay for or reimburse employees for costsassociated with remote working (for example,internet and electricity costs)?

As per article 7 of the Regulation on Remote Working, it isessential that the materials and working tools required forthe remote employee’s work are provided by the employer,unless otherwise agreed in writing.

In practice, many global companies adopt policies to makefurther payments to employees to reimburse officesupplies, internet, etc. Therefore, it may be favourable toreimburse employees for costs associated with remoteworking.

5. What potential issues and risks arise for employersin the context of cross-border remote-workingarrangements?

Theoretically, cross-border remote-working arrangementsare possible from an employment law perspective as thelaw does not provide a clear rule or restriction on this.However, in practice, the Social Security Institution does notconsider days worked overseas as workdays subject tosocial security premiums. Therefore, such arrangementsmay not be possible.

Employers located in Turkey must consider their data privacyobligations where employees are working in the context ofcross-border remote-working arrangements, because therelevant obligations are mostly applicable on a residency basisdue to the principle of territoriality. On the other hand, underTurkish legislation, employers must ensure the security of datashared with the relevant employees.

In addition, employers should bear in mind that any datashared with such employees would be an overseas transfer ofdata. As a result, if the transferred data contains personal data,consent must be obtained for such transfer of data abroadfrom the data subject, covering the purpose of processing thisdata unless the employers have permission from the DPA forthe relevant international transfer. International transfers ofpersonal data are restricted in Turkey. Unlike GDPR, the DPLdoes not protect international transfers in the EuropeanEconomic Area (EEA) as Turkey is not in the EEA and standardcontractual clauses do not apply to the transfer of personaldata from Turkey to overseas.

Depending on the sector in which employers are engaged,there may be further data-residency and data-localisationrequirements. Therefore, before any cross-border remote-working arrangements, employers must evaluate whether theyare subject to such requirements and how they shouldapproach the data to be processed by the relevant employeesfor their duties and assignments on a case-by-case basis.

6. Do employers have any scope to reduce the salariesand/or benefits of employees who work remotely?

As per article 14 of the TLA, remote workers cannot be treateddifferently from a comparable worker solely due to the natureof their employment contract. Employers cannot reduce thesalaries or benefits of employees who work remotely merely ongrounds of remote working. However, if there is otherjustification, such treatment may be acceptable.

7. What are the key privacy considerations employersface in relation to ascertaining and processing employeemedical and vaccination information?

In the scope of the duty to protect employees, employers musttake all necessary occupational health and safety measures andprotect employees’ health, and physical and

mental integrity. Also, as per the Occupational Health andSafety Act, employers must protect the occupational health andsafety of employees. Employers must provide covid-19-safeworking environments as much as is practicable. The practicalsteps that may be taken by employers would vary dependingon the features of each workplace. However, certaingovernmental authorities published several guidelines duringthe pandemic, and employers may choose to comply with therecommendations set out under these documents to ensurethe minimum protection. These publications mainly focus onemergency planning, cleaning and hygiene rules, personalprotective equipment, and advice on travel and meetings.

8. Can employers require or mandate that their workersreceive a covid-19 vaccination? If so, what options doesan employer have in the event an employee refuses toreceive a Covid-19 vaccination?

As per the Constitution, a person’s physical integrity cannot be interfered with except for medical necessity and exceptions setout by the law. As the covid-19 vaccination is not defined as amandatory vaccine under the applicable laws, employerscannot make vaccinations mandatory for employees inprinciple. Indeed, the Ministry of Health announced that covid-19 vaccinations are voluntary.

The only mandatory vaccine under the current legislativeframework is the smallpox vaccine.

The majority of Turkish academics take the view thattermination for refusal to take a vaccine would not constituterightful or valid grounds for termination. It also would notcomply with the principle of termination being the last resort,as employers may proceed with other options such asencouraging employees to get vaccinated or implementingremote working. However certain academics argue thatrefusing to take a covid-19 vaccine may be valid grounds fortermination in exceptional cases (such as employees in elderlycare institutions).

Recently, the Ministry of Labour and Social Security issued ageneral letter regarding vaccination and testing policies thatemployers may apply in workplaces. The letter suggests theemployers should: (i) inform all employees about protective andpreventive measures against potential health and safety risks atthe workplace; (ii) provide separate information in writing toemployees whose covid-19 vaccinations are not complete; (iii)inform unvaccinated employees about the potential results ofreceiving a covid-19 diagnosis due to unvaccination within thescope of the labour and social security legislation; (iv) requirethat unvaccinated employees have regular PCR tests once aweek as of 6 September 2021; and (v) record the test results atthe workplace for any necessary action.

The fact that these arrangements were introduced by a letterfrom the Ministry has been highly criticised by legal academicsand practitioners, and legislators are expected to bring a lawinto force soon.

9. What are the risks to an employer making entry to theworkplace conditional on an individual worker havingreceived a Covid-19 vaccination?

As mentioned above, employers are under an obligation toprotect their employees. This means that employers shouldconsider the health of employees working at physical premises.On the other hand, as explained above, employers cannotforce employees to get vaccinated, and making entry to theworkplace conditional on an individual worker receiving a covid-19 vaccination may be construed as pressure by the labourcourts.

Please see question 8 regarding the option of requestingmandatory PCR testing.

10. Are there some workplaces or specific industries orsectors in which the government has required thatemployers make access to the workplace conditional onindividuals having received a Covid-19 vaccination?

No. As mentioned above, the Ministry of Health has stated thatthe covid-19 vaccination is available voluntarily. Also, accordingto the Ministry of Labour and Social Security’s general letter,mandatory PCR testing is regulated as a voluntary mechanismat the employer’s discretion, considering different workingmethods in all workplaces.

On the other hand, the Ministry of Internal Affairs issued aseparate circular, which regulates mandatory PCR testing forcertain activities. As per the said arrangement, unvaccinatedpersons must have proof of a negative PCR test resultconducted within the past 48 hours before attending collectiveactivities such as a concert, cinema and theatre; or undergoingintercity travel by plane, bus, train or other means of publictransportation, except for private vehicles. In this regard,business managers or organisers must query the attendee’svaccination status or medical history (for the immunity periodscientifically acknowledged for covid-19) or a negative PCR testresult conducted within the past 48 hours. The attendees whoeither have not recovered from covid-19 or fail to provide anegative PCR test result will not be allowed to conduct thatactivity. It may be possible to say that, in addition to theattendees, employees who facilitate these activities can also berequested to provide a negative PCR test result, if they areunvaccinated.

Likewise, the Ministry of Education introduced a similar practiceat schools. Accordingly, all unvaccinated school staff whoencounter students face-to-face must undergo mandatory PCRtesting twice a week.

In addition to the above, according to the Ministry of InternalAffair’s circular, governorates or district governors will beentitled to introduce PCR testing enquiries regarding thepersons who have not been vaccinated or recovered fromcovid-19 attending other activities and events with a decision tobe rendered by the Provincial or District Public Health Council.Therefore, it is expected that the scope of mandatory PCRtesting for unvaccinated persons will be expanded.

11. What are the key privacy considerations employersface in relation to ascertaining and processing employeemedical and vaccination information?

Medical and vaccination information can be processed byemployers only with the explicit consent of employees. Inlabour law, considering the dynamics between employers andemployees, any consent given by employees may be challengedas it may not be voluntary. Therefore, the processing of suchhealth data, even with the consent of employees, would imposerisks upon employers from a data protection perspective.

12. What are the key health and safety considerationsfor employers in respect of remote workers?

As per article 12 of the Regulation on Remote Working,employers must inform employees about the occupationalhealth and safety measures required for remote working,provide necessary training, ensure health inspections, and takenecessary measures about any equipment provided toemployees.

Also, article 4 of the Occupational Health and Safety Law No.6331 further stipulates that employers, in general, must:

  • ensure that all safety measures, including but not limited tothose preventing occupational risks and providinginformation and training, are taken; order in the workplace;all necessary tools and equipment are supplied; health andsafety measures are adjusted to changing conditions; andthat the current status of the workplace improves;
  • supervise and monitor whether the occupational healthand safety measures are complied with, and correct anyincompatibilities;
  • conduct or ensure a risk assessment;
  • pay attention to an employee’s suitability for a role in thescope of health and safety; and
  • take the necessary measures so that employees, other thanthose who receive adequate information and instruction, tonot enter places that would lead to life-threatening or aparticular danger.


However, Turkish academics argue that several health andsafety obligations may not apply to remote working, as they donot apply. For instance, they state that certain obligationsarising from the occupational health and safety legislation suchas preparing an emergency plan, firefighting, first aid, andevacuation are not applicable to remote working, as it would beunreasonable to expect employers to fulfil these kinds ofobligations regarding a place outside their authority.

To conclude, along with the obligations set out under theRegulation on Remote Working, employers should comply withgeneral occupational health and safety obligations, whereapplicable.

13. How has the pandemic impacted employers’obligations vis-à-vis worker health and safety beyondthe physical workplace?

Please see question 12. The general health and safetyobligations of employers do apply to the performance of tasksat or beyond the physical workplace, as much as is practicable.However, employers must avoid breaches of the right toprivacy, and therefore cannot intervene in an employee’sprivate life beyond the physical workplace.

14. Do employer health and safety obligations differbetween mobile workers and workers based primarily athome?

Turkish law does not differentiate between remote workersbeing mobile or primarily at home. As remote working is legallydefined as performing at home or outside the workplacethrough technological communication devices under anemployer’s direction, there are no particular rules applicable tomobile workers or workers based primarily based at home.Both categories may be considered as remote workers.

15. To what extent are employers responsible for themental health and wellbeing of workers who areworking remotely?

As mentioned above, employers must take all necessaryoccupational health and safety measures and protectemployees’ health, and physical and mental integrity. Also,according to article 417 of the Turkish Code of Obligations,employers must have all necessary equipment and toolsavailable to protect health and safety.

The same article further provides that employers must: protectand respect the personality of their employees; ensure order inthe workplace in compliance with the principle of good faith;and take any necessary measures to prevent employees frombeing exposed to psychological and sexual harassment andfrom being subject to further harm, if such an incident tookplace.

16. Do employees have a “right to disconnect” from work(and work-related devices) while working remotely?

As per article 10 of the Regulation on Remote Working,employers and remote workers can decide on timeframes andmethods of communication during remote working. Employersand employees can mutually agree on the scope of a “right todisconnect” in the remote-working agreement.

Having said that, Turkish academics mostly discuss the right todisconnect under the right to rest, which is provided under theConstitution. Nevertheless, although it is a controversial issuein Turkey, in current practice the “right to disconnect” is notfully recognised by employers in Turkey as regards remoteworking.

17. To what extent have employers been able to makechanges to their organisations during the pandemic,including by making redundancies and/or reducingwages and employee benefits?

In the scope of covid-19-related measures, the termination ofemployment contracts by employers was prohibited for threemonths from 17 April 2020, with certain exceptions. Withfurther extensions, this ban was extended to 30 June 2021.Therefore, redundancies have been prohibited from 17 April2020 to 30 June 2021, and any breach of this ban has been metwith a fine. On the other hand, employers have been grantedthe authority to impose unpaid leave (without employeeconsent), partially or in full, on employees during this period.Up until the end of the termination ban, employees on unpaidleave have received a daily allowance from the UnemploymentInsurance Fund.

Also, many companies chose to introduce salary reduction dueto the economic pressure arising from covid-19 at thebeginning of the pandemic by obtaining the written consent ofemployees.

In addition to the above, certain arrangements have beenintroduced to facilitate the requirements of short-time workingapplications, filed on the grounds of circumstances arising fromcovid-19.

18. What actions, if any, have unions or other workerassociations taken to protect the entitlements andrights of remote workers?

In Turkey, unions have mostly provided opinions or organiseddemonstrations about the recent Regulation on RemoteWorking. For instance, the Turkish Journalists Union publisheda list of recommendations concerning remote working for theattention of the Ministry and its employers. As anotherexample, the Confederation of Turkish Worker Unions issued acomprehensive study named “Remote Working with Regard toOccupational Health and Safety Aspects”.

Notwithstanding the above, in Turkey unionisation mostly existsin blue-collar industries. Therefore, these kinds of associationsmostly dealt with short-time working and unpaid-leavemechanisms during the pandemic.

19. Are employers required to consult with, or otherwiseinvolve, the relevant union when introducing a remote-working arrangement? If so, how much influence doesthe union and/or works council have to alter theworking arrangement (for example, to ensure workers’health and safety is protected during any period ofremote work)?

The Regulation on Remote Working is silent about employeerights arising from collective labour law. However, collectivebargaining agreements can regulate the execution, content,and termination of individual contracts. Therefore, remoteworking may be regulated as part of the content of anindividual contract. As per article 41 of the Act on Unions andCollective Bargaining Agreements, unions to which at least 1%of workers in the relevant field of business are a member canexecute a collective bargaining agreement for a certainbusiness or workplace, provided that more than half of theworkers employed at the workplace or 40% of the workersemployed in the business are members of the union at theapplication date.

In this regard, the Banking-Finance and Insurance WorkersUnion announced that they raised this issue in their collectivebargaining processes. As remote working has only becomewidespread during the covid-19 pandemic and the Regulationon Remote Working entered into force only recently, theinfluence of unions on working arrangements would varydepending on the negotiation process and their relations withemployers.

Visit International Employment Lawyer to explore the NewWays of Working comparative reference tool. Research country-specific regulations or build your own report comparingjurisdictions.

First published by Portobello Legal Media - International Employment Lawyer, in 21.09.2021

Find more insights