AC
Anasayfa Makaleler

KVKK Explicit Consent vs Legitimate Interest: Which Legal Reason Should the Company Choose?

TL;DR

Açık rıza tek hukuki sebep değil; meşru menfaat, sözleşmesel zorunluluk, hukuki yükümlülük gibi alternatifler genellikle daha sağlam.

15 Şubat 2026 3 dk okuma 8 görüntülenme Son güncelleme: 9 Mayıs 2026

Explicit consent is not always the safest; The data subject may withdraw consent. Alternatives such as legitimate interest and contractual obligation are generally more robust.

KVKK article 5 and 6 legal reasons

  • Explicit consent.
  • Clearly prescribed by law.
  • Obligation for the conclusion or performance of the contract.
  • Legal liability of the data controller.
  • The data has been made public by the owner.
  • The establishment, use or protection of a right.
  • Legitimate interest (for personal data; none for special categories of data).
  • Communication for marketing purposes (SMS, e-mail).
  • Profiling, targeted advertising.
  • Cookie (analytics / marketing).
  • Sharing to third parties for promotional purposes.
  • Transfer abroad (if there is no alternative).

When is legitimate interest?

  • Information security (log, SIEM).
  • Business intelligence (anonymous traffic analysis).
  • Fraud detection.
  • Internal control.
  • Defense of rights.

"Balancing test" — balance test

  • What is the company's interest?
  • Is it expected from the perspective of the data subject?
  • Are there less intrusive alternatives?
  • Is the intervention proportionate?
  • The test result should be kept as a document.

    • Frequently asked questions

    We use CRM, should we obtain explicit consent for customer data?

    No if it is mandatory for the performance of the contract; "product/service relationship" legal reason is sufficient. Additional explicit consent separate module for marketing.

    What to use for employee data in HR

    Scope of Labor Law + Social Security legislation: legal liability. Performance evaluation: legitimate interest (with balancing test). Health data: special quality, additional protection.

    What happens if explicit consent is withdrawn?

    Processing is stopped after the withdrawal date. However, if there is a different reason such as legitimate interest / contract performance, it may continue. Therefore, multiple cause documentation is recommended.

    How should cookie consent be obtained on the website?

    "Reject" appears at least as much as "Accept"; pre-checked boxes are invalid; marketing cookie opt-in. Detail: KVKK Cookie Guide 2022.

    Can the legal reason be changed?

    Yes, but notification to the data subject + update of the information text + new consent in some cases. If the reason moves from "explicit consent" to "legitimate interest", a balancing test certificate is required.

    Relevant legislation

    • KVKK no. 6698 article 12 — Data security obligation; notice of violation (art.12/5).
    • KVKK no. 6698 article 14 — Right to compensation.
    • KVKK no. 6698 article 18 — Administrative fine (up to 5 million TL).
    • GDPR Art. 33-34 — 72-hour infringement notification on EU cross-border transfer.
    • TCK art.135-136 — Unlawful recording/dissemination of personal data.
    Legal notice: This article is for general information purposes; A meeting with a lawyer is required for a concrete case. Durations, rates and practice are shaped by jurisprudence; Check the current legislation before applying.

    Kaynaklar ve referanslar

    Kaynaklar

    KVKK Açık Rıza vs Meşru Menfaat: Şirket Hangi Hukuki Sebebi Seçmeli? içeriği hazırlanırken resmi mevzuat ve yüksek yargı kaynakları esas alınmıştır.

    Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

    Hukuki destek arıyorsanız

    Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

    Görüşme Planla