On November 11, 2014, the Council of State suspended Article 1.6 of the Communiqué on Healthcare Practices, which requires healthcare service providers to confirm the identity of applicants for health services with biometric data. Following the decision, registration of applicants' biometric data in the Social Security Institution's database is no longer possible, at least until a final court decision.
What the court decision says
The Turkish Social Security Institution's recent introduction of mandatory biometric identity authentication (e.g., palm prints) has been widely criticized, prompting the Turkish Physicians Association as well as several individuals to initiate lawsuits to cancel this new rule. In response, the Council of State has suspended application of the rule, pending final resolution of the litigation.
The Council of State concluded that requiring biometric identity authentication as a condition of receiving health services is contrary to the Turkish Constitution, reasoning that government action affecting privacy can only be regulated by parliamentary acts, to prevent arbitrary interference by public bodies such as the Social Security Institution. Healthcare service providers are nevertheless still obligated to identify applicants; they are, however, no longer required to register or identify patients using biometric data.
The decision is significant as it is yet another demonstration of Turkey's increased awareness of data privacy issues at the highest levels of government.
Actions to consider
Healthcare service providers should be aware that biometric data is classified as personal data and suspend the use of patient biometric data, at least until a final court decision.
Non-healthcare service providers should avoid collecting and processing sensitive personal data unless they have the express consent of the person whose data is collected, or unless there are explicit statutory grounds for data collection and processing.