Taking ID Photocopies in the Hotels Found to Be Unlawful!
An important development has occurred regarding the protection of personal data in the tourism and hospitality sector. The Personal Data Protection Board (KVKK) announced in its Principle Decision dated 06.11.2025 that taking photocopies of Turkish ID cards during accommodation is unlawful. This decision is critical for both businesses and guests in terms of data security, and the key points are summarized below.
Author: Hatice Arabacı Yesir
Date: 09.12.2025
KVKK published its Principle Decision numbered 2025/2120 on 06.11.2025. This decision includes significant legal assessments regarding the practice of taking ID card photocopies in accommodation facilities and directly affects data processing activities.
Under the Identity Notification Law No. 1774 and its implementing regulation, accommodation facilities are obliged to keep records of guests’ identity information (name, surname, Turkish ID number) and arrival/departure details on a daily basis and make them available for inspection by law enforcement authorities.
With this decision, KVKK confirmed that requesting an ID card to verify identity is lawful. However, even for verification purposes, taking and recording a photocopy of the ID card constitutes excessive data processing and lacks any legal basis. Therefore, recording photocopies of guests’ ID cards is considered an unlawful data processing activity under KVKK.
The decision also highlights that old ID cards contain sensitive personal data such as religion and blood type. If data controllers record photocopies of these IDs, they would also violate Article 6 of KVKK, which regulates the processing of special categories of personal data.
Additionally, the decision states that processing personal data for invoicing purposes in the tourism and hospitality sector is permissible.
CONCLUSION:
As a result of this decision, data controllers must pay attention to the following points:
