AC
Anasayfa Makaleler IT Law

Cookie Usage and KVKK / GDPR Compliance

15 Mart 2026 IT Law 2 dk okuma 32 görüntülenme

Cookies are small text files that websites place on the user's device. It is used for remembering user preferences, session management and analytical purposes. It is subject to special regulations within the scope of KVKK and GDPR.

1. Strictly Necessary

Mandatory for basic functions of the site (session, cart, security). Does not require explicit consent.

2. Performance / Analytics

Measurement of site usage (Google Analytics, Hotjar). Explicit consent is required.

3. Functionality

Language, region, visual preference recall. Explicit consent is recommended.

4. Marketing / Targeting

Advertising, retargeting, social media pixels. Explicit consent is mandatory.

  • It should appear as soon as the site is opened
  • Non-essential cookies should not be installed until the user makes a choice
  • Accept and Reject options must be equally visible
  • Cookie categories should be allowed separately
  • The preference should be able to be changed later

There should be a separate "Cookie Policy" page on the website. Content:

  • Which cookies you use
  • Purpose, duration, type of each
  • Third party cookies (Facebook Pixel, Google Ads etc.)
  • How to manage cookie settings (per browser)
With the "Guide on Cookie Applications" dated 20.06.2022, the KVKK Board has clearly stated that cookies are personal data processing activities within the scope of KVKK, and therefore, clarification and explicit consent must be obtained when necessary.

GDPR and ePrivacy Directive

In the EU, according to the ePrivacy Directive, explicit consent is mandatory for all non-functional cookies. The application of the same standard for Türkiye has become close to the KVKK Board guide.

Sanction

Installing analytical / marketing cookies without explicit consent constitutes a violation of personal data processing conditions within the scope of KVKK and may be subject to an administrative fine.

Practical Steps

  • Scan and categorize all cookies
  • Set up a cookie band (open source: Cookiebot, OneTrust)
  • Make the reject button as prominent as the acceptance button
  • In case of rejection, continued use of the site
  • Third party tools (Google Tag Manager) trigger after permission

    • Cookie non-compliance carries a high risk of administrative penalties; Get browser tests by getting KVKK compliance consultancy

    Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

    Hukuki destek arıyorsanız

    Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

    Görüşme Planla