Türkiye's Personal Data Protection Authority (KVKK) has ruled that employers cannot use biometric data to monitor employees' attendance, saying the practice violates the country's personal data protection legislation.
According to a principle decision published in the Official Gazette on Tuesday, the KVKK determined that processing employees' biometric data for attendance tracking purposes cannot be justified under legal provisions, even if workers provide explicit consent.
The board said attendance monitoring systems based on biometric identifiers, including fingerprints, retina scans, facial and hand geometry, and voice characteristics, are incompatible with the principles of the Law on the Protection of Personal Data.
The ruling emphasized that employers should instead use less intrusive methods to track attendance, such as password-protected cards, PIN-based systems, traditional signature logs, paper attendance sheets, RFID or NFC identity cards, or manual registration under supervisory oversight.
