25316
wp-singular,post-template-default,single,single-post,postid-25316,single-format-standard,wp-theme-stockholm,wp-child-theme-stockholm-child,stockholm-core-2.2.8,select-child-theme-ver-1.1,select-theme-ver-8.7,ajax_fade,page_not_loaded, vertical_menu_hidden,,qode_footer_adv_responsiveness,qode_footer_adv_responsiveness_1024,qode_footer_adv_responsiveness_one_column,qode_menu_center,qode-mobile-logo-set,wpb-js-composer js-comp-ver-7.7.2,vc_responsive
Valloni / News  / DATA PROTECTION OF ATHLETES IN TÜRKİYE
29 April 2026

DATA PROTECTION OF ATHLETES IN TÜRKİYE

Data is an exceptionally valuable commodity in the modern sporting world. Whether it is performance metrics or medical history, information related to athletes has become a cornerstone of the industry.

Consequently, the legal protection of this data is a high priority for sports clubs, federations, and technology companies operating in Türkiye.

Data protection in Türkiye is primarily governed by the Law on the Protection of Personal Data No. 6698 (KVKK). Enacted in 2016 and heavily influenced by the European Union General Data Protection Regulation, the KVKK sets out the fundamental rules for protecting the private and personal information of professional and amateur athletes.

Data Protected

In the sports sector, organisations often process a wealth of information generated by wearable technology and administrative records. This data is legally protected and includes:

Biometric and Genetic Data: Heart rate; DNA profiles; and physiological data from fitness trackers.

Health Data: Injury history; rehabilitation progress; and drug test results.

Location Data: Movement tracking via GPS during training or matches.

Performance Data: Technical stats; scouting reports; and psychological evaluations.

Identity Information: Basic details, such as name; address; and Turkish ID numbers.

Legal Grounds for Collecting Data

Under the KVKK, an athlete data can only be processed with a valid legal reason.

The most common grounds include:

Explicit Consent: For sensitive categories, specifically health and biometric data, obtaining the athlete’s “explicit consent” is generally required. This must be a freely given, informed, and an express declaration of will.

Contract Performance: Data processing necessary for the execution of professional players’ contracts or club membership agreements.

Legitimate Interest: Processing that is necessary for the legitimate interests of the club or federation, provided that it does not violate the fundamental rights and freedoms of athletes.

Legal Obligation: Data collected must comply with statutory requirements, such as reporting to the Ministry of Youth and Sports or Social Security (SGK) filings.

Mandatory Compliance

Sports organisations must ensure transparency and security:

The Obligation to Inform (Clarification): Athletes must be provided with a “Clarification Text” explaining what data is collected, for what purpose, to whom it may be transferred, and athletes’ rights.

Data Security: Sports organisations are required to take all necessary technical and administrative measures to prevent unlawful access. This includes using encryption, firewalls, and conducting regular audits.

VERBİS Registration: Most sports organisations exceeding certain thresholds (annual turnover or number of employees) must register with the Data Controllers’ Registry (VERBİS) and maintain an up-to-date data inventory.

Athletes’ Rights

Under Article 11 of the KVKK, athletes have several rights regarding their data:

Access: Finding out if their data is being processed and requesting information.

Rectification: Correcting inaccurate or incomplete data.

Erasure/Destruction: Requesting the deletion of data if the reasons for processing no longer exist.

Compensation: The right to claim damages if athletes suffer a loss due to unlawful data processing.

Non-Compliance Consequences

The Personal Data Protection Authority (KVKK Board) is active in enforcement. In 2026, administrative fines have been significantly increased due to annual revaluation rates:

Financial Penalties: For the most serious violations, such as data security breaches or failure to comply with Board decisions, fines can reach up to 17,092,242 TL per violation.

Reputational Damage: Public announcements of breaches by the KVKK Board can severely damage the trust between athletes and their clubs.

Legal Liability: Beyond administrative fines, athletes can pursue private litigation for “misuse of private information,”, similar to the precedents seen in international sports law (for example, the Max Mosley case in the United Kingdom).

We advise athletes, sports clubs, and federations on all matters relating to sports data protection in Türkiye, including compliance audits, drafting of Clarification Texts, and professional representation in disputes, and further information is available from the Head of our Turkish Law Practice, Gurur Gaye Günal, by emailing her at gunal@valloni.ch.

 

Tags: