I. Introduction
Pursuant to Article 15 of Law No. 4054 on the Protection of Competition ('Law No. 4054'), the Competition Board ('Board') is empowered to carry out on-site inspections at the premises of undertakings whenever it considers such inspections necessary for the discharge of its duties. Within this ambit, the Board may examine all categories of information and documents maintained by undertakings in physical and electronic form, including materials held within information systems.
The details governing the exercise of these powers in relation to digital devices are set out in the 'Guidelines on the Examination of Digital Data During On-Site Inspections' ('Guidelines'). Pursuant to the Guidelines, on-site inspections may encompass the examination of employees' computers and mobile devices. In this regard, such inspections give rise to significant concerns for both undertakings and employees alike. These concerns are heightened in particular where employees have not been issued with company devices or where personal devices are used for business communications, as such devices may equally fall within the ambit of an on-site inspection.
Such anxiety surrounding on-site inspections may prompt employees to act precipitately and delete documents or, in particular, personal correspondence. Notwithstanding this, under the Board's settled decisional practice, data deletion in the course of an on-site inspection is treated as conduct that obstructs or impedes the inspection, irrespective of the nature or content of the deleted data, the motivation behind the deletion, or whether the deleted data is subsequently recovered. Accordingly, undertakings may be exposed to administrative monetary fines of up to 0.5% of their annual turnover pursuant to Article 16 of Law No. 4054 on account of data deletion alone.
Nevertheless, the Board has recently issued a number of notable decisions in which it appears to have adopted a comparatively more nuanced approach relative to its established strict practice. Against this backdrop, this article first sets out the Board's established approach to data deletion in the course of on-site inspections before proceeding to examine the significant distinctions that emerge from certain of its recent decisions.
II. Examples of the Board's Settled Approach to On-Site Inspections
The Board has historically maintained an exceptionally strict approach towards any conduct that may impede the effective conduct of on-site inspections or hinder the work of case handlers. The Board approaches such matters with a heightened degree of sensitivity and, in the vast majority of cases, proceeds to impose sanctions. Within this framework, several decisions in which the Board has characterised specific acts as infringements of the inspection obligation are set out below by way of illustration.
In the Balparmak Decision[1], the Board established that employees had deleted certain electronic mail correspondence following the commencement of the on-site inspection. Notwithstanding the subsequent recovery and examination of some of the deleted data, the Board concluded that this did not extinguish the obstructive or impeding character of such conduct. The Board observed that taking the contrary view would effectively confer an advantage upon undertakings in circumstances where data deletion could not be detected.
In similar terms, the Tahsildaroğlu Decision[2] established that employees had deleted data after the on-site inspection had commenced. Notwithstanding the partial recovery of the deleted data, the Board found that the deletion had been effected with the intention of concealing evidence, and held that the recoverability of the data did not alter the fact that the inspection had been obstructed or impeded.
In both decisions, which were broadly analogous in nature, the Board imposed administrative monetary fines on the undertakings concerned. These decisions serve as a clear illustration of the Board's general stance and its settled enforcement practice with respect to data deletion in the course of on-site inspections.
III. The Samsung and Balsu Decisions
Departing from the Board's settled practice, a markedly different approach was adopted in the Balsu Decision[3] and the Samsung Decision[4]. As set out above, the Board's traditional approach treats data deletion as constituting obstructive conduct per se, irrespective of intent or content. These two decisions, however, represent a departure from that prevailing line of reasoning.
In the Balsu Decision, approximately 1,500 electronic mail messages were deleted by employees of the undertaking following the commencement of the on-site inspection. The case handlers identified and recovered the deleted data, subjected the correspondence to examination, and found no evidence of any competition law infringement.
The Board underscored that data integrity had been preserved through the recovery of the deleted correspondence and that the on-site inspection had been concluded without any loss of data. It was further stated that the absence of any infringement-related findings within the recovered data indicated that the deletion ought not to be characterised as conduct obstructing or impeding the inspection. On those grounds, no administrative monetary fine was imposed on Balsu.
A comparable line of reasoning was applied in the Samsung Decision. In that matter, it was established that certain messages within the internal messaging application 'Knox Teams', used by employees, had been deleted following the commencement of the on-site inspection. The undertaking maintained that the messages were automatically deleted upon employees leaving chat groups and that the employees who had left the groups had not been aware that an on-site inspection was underway. Crucially, it emerged that the deleted messages remained accessible via the devices of other employees and had been examined by the case handlers.
The Board determined that the automatic deletion resulting from employees leaving the chat groups did not evince an intention to delete data. Moreover, when assessed in conjunction with the accessibility and examinability of the messages and the absence of any infringement-related findings in the content, the Board concluded that the conduct could not be characterised as obstructing or impeding the on-site inspection. Accordingly, and consistently with the Balsu Decision, no administrative monetary fine was imposed.
In this regard, the Balsu and Samsung decisions illustrate that, in certain exceptional circumstances, the Board may depart from its strict approach — under which data deletion is regarded as an infringement in all cases — and may instead have regard to factors such as the preservation of data integrity, the accessibility of the data, and the absence of infringement-related findings within the deleted content. It may accordingly be said that the Board adopted a more considered and analytically rigorous approach in those decisions.
IV. The Coca-Cola Decision
In the Coca-Cola Decision[5], the Board established that WhatsApp messages had been deleted by employees following the commencement of the on-site inspection. It was further determined that one employee deleted a message sent in a WhatsApp conversation with a contact recorded as 'P.G.' and immediately enquired of the counterparty, 'Does it appear that you deleted this message as well?', to which the counterparty responded, 'Yes, it appears so,' thereby confirming the deletion.
Coca-Cola maintained that the deleted WhatsApp groups comprised personal correspondence among family members and submitted sample messages from certain groups in the course of the inspection. However, neither the employees nor the undertaking was able to procure the recovery of all deleted data in a manner that would preserve data integrity.
Following the on-site inspection, Coca-Cola submitted a written defence to the Authority, contending that WhatsApp and similar messaging applications were prohibited for business purposes pursuant to its information security policies and that internal audits had disclosed no business-related WhatsApp correspondence on the majority of devices. It further maintained that the deleted messages were purely personal in character, that the group names reflected this fact, and that 'P.G.' was not a Coca-Cola employee. Coca-Cola additionally submitted records pertaining to four WhatsApp groups and the correspondence with P.G., which it asserted had been retrieved from archives by means of the 'export chat' function on other participants' devices.
Whilst the Board accepted that the submitted correspondence gave the impression of pertaining to private life, it underscored that these materials did not disclose the entirety of the deleted chats in a manner that preserved data integrity. It was further observed that additional WhatsApp groups identified in the course of the on-site inspection had not been included in the documents subsequently submitted by Coca-Cola. Accordingly, the Board concluded that the undertaking had failed to furnish the complete contents of the deleted data and had provided only partial samples in respect of certain groups. Furthermore, both during and after the inspection, it proved impossible to determine whether the deleted data comprised solely group chats or whether individual conversations had also been deleted. Consequently, it could not be conclusively established that the deleted data consisted exclusively of personal correspondence.
On those grounds, the Board held that the data deletion had obstructed or impeded the on-site inspection and imposed an administrative monetary fine on Coca-Cola.
V. Conclusion
The Board's decisional practice with respect to data deletion in the course of on-site inspections reflects an approach that is evolving in character yet fundamentally cautious in its orientation. Under the established line of authority, any data deletion effected following the commencement of an inspection was treated as inherently obstructive conduct, irrespective of intent, content, or recoverability. Whilst the Balsu and Samsung decisions offered a brief indication that factors such as the preservation of data integrity, the accessibility of the data, and the absence of infringement-related findings may, to a limited degree, be taken into account, the Coca-Cola Decision confirms that the circumstances in which such considerations may be invoked remain narrowly circumscribed.
Where deleted data cannot be fully recovered in a manner that preserves data integrity, or where it cannot be conclusively demonstrated that the deletion pertained exclusively to personal correspondence, the Board continues to apply its strict approach and to impose substantial administrative monetary fines. Considered together, these decisions indicate that the Board exhibits flexibility only in exceptional and clearly verifiable circumstances, and that undertakings and employees alike should proceed with the awareness that any data deletion in the course of an on-site inspection carries a significant risk of sanction.
[1] The Board’s decision dated 02.03.2023, numbered 23-12/180-56.
[2] The Board’s decision dated 30.04.2025, numbered 25-17/409-190.
[3] The Board’s decision dated 17.08.2023, numbered 23-39/727-250.
[4] The Board’s decision dated 10.04.2025, numbered 25-14/330-157.
[5] The Board’s decision dated 20.11.2025, numbered 25-43/1058-605.