Cookies; Small data files used for purposes such as remembering user preferences, measuring site performance and operating advertising technologies. However, cookies, especially for analytical and advertising purposes, can be considered within the scope of personal data processing as they can track user behavior.
Within the scope of the Personal Data Protection Law No. 6698 (KVKK) in force in Türkiye, certain conditions must be met in order for personal data to be processed. Article 5 of the law states that obtaining the explicit consent of the relevant person is one of the basic conditions for the processing of personal data.
In this context, the “Guide on Cookie Applications” published by the Personal Data Protection Authority (KVKK) reveals important principles regarding the use of cookies by websites. According to the guide, for the use of non-essential cookies, explicit consent must be obtained from the user and a system must be provided to the user where he can manage his cookie preferences.
However, in practice, although there are cookie banners on many websites, situations may occur such as the user is not given the option to reject it, cookie categories cannot be managed separately, or some cookies are activated before the user makes a choice.
According to experts, such applications can bring several important risks for websites:
Legal compliance risk:
If personal data is processed within the scope of cookie use, data processing without explicit consent may pose a problem in terms of legislation.
User trust risk:
Users are becoming more conscious about data privacy in recent years. Non-transparent cookie practices can negatively affect user trust.
Lack of transparency and information:
Not providing users with sufficient information about cookie categories or not providing them with the opportunity to manage their preferences can make it difficult to understand data processing processes.
Evaluations made by Bildirt, a local software company that develops web technologies in Türkiye, point out that cookie management has become an important issue, especially for sites with high traffic. In the analyzes published by the company, it is stated that although there are cookie banners on many websites in Türkiye, no real preference management is offered to the user.
For this reason, in recent years, the use of cookie management platforms (Consent Management Platform – CMP) has become rapidly widespread around the world. Thanks to these systems, websites can record cookie permissions received from users and allow users to manage their cookie preferences more transparently.
The cookie management system developed by Bildirt aims to help websites manage cookie permissions in accordance with KVKK and international data protection standards. Thanks to the system, users can control cookie categories separately, while website administrators can track user permissions through a central panel.
According to experts, providing websites with a clear and understandable preference mechanism for cookie management is seen as an important step in terms of both compliance with data protection legislation and strengthening the digital trust environment.
