In the past few years, electronic messages have become one of the most prominent (and irritating) tools for marketing in Turkey. Due to the lack of legislation governing the protection of personal data, personal information such as e-mail addresses and telephone numbers of many consumers could easily be accessed by service providers and there are no rules limiting how this information may be used for marketing purposes. Although general and comprehensive legislation on personal data protection is yet to be issued, the introduction of the Law Considering the Regulation of Electronic Trade and the relevant secondary legislation is seen as an important step forward for reducing the amount of spam that consumers receive via e-mail, SMS and other forms of electronic messages. The Law became effective on 01.05.2015 and the secondary legislation (Regulation Considering Commercial Communications and Commercial Electronic Messages) was entered into force quite recently on 15.07.2015.
The most significant concepts introduced by the new legislation are the "explicit consent (opt-in)" and the "right to reject (opt-out)". The new legislation clearly states that service providers may send commercial electronic messages to consumers only if the consumers allow them to do so. Moreover, the new legislation contains deterrent administrative fines for service providers who are in violation of these rules.
After the introduction of the new legislation, the amount of electronic messages sent by service providers decreased dramatically. However, service providers started sending electronic messages, which state that consumers will continue to receive such messages unless they explicitly state otherwise (providing consumers with a right to opt out). Such an approach, where it is assumed that the consumers implicitly consent to receiving commercial electronic messages by not rejecting them, is a clear violation of the new legislation. This is because the concept of "explicit consent" requires consumers to provide their explicit affirmative consent for receiving these messages. In other words, the consumers shall receive commercial electronic messages only when they have voluntarily opted in to do so.
Furthermore, the new legislation states that service providers shall not send electronic messages to acquire the consent of consumers. The de-facto situation where all service providers are sending electronic messages to consumers in order to acquire their consent may seem to be in conflict with this rule. However, the new legislation foresees an exception for the databases that were formed prior to the entry into force of the Law.
The new legislation makes a distinction between two types of databases. The first group consists of databases that are formed by service providers themselves, whereby the electronic communication contact information of consumers were obtained directly by the service providers (service provider database). The second group consists of databases that are formed by third parties who had acquired general authorization to use the consumer information for the purpose of sending commercial electronic messages on behalf of other service providers (third party database).
As far as service provider databases are concerned, the legislation allows service providers to continue sending commercial electronic messages to consumers. The only requirement is that the consumer must be informed that he/she is a part of a database and he/she should be reminded of his/her right to opt out. Thus, when consumers receive a message which states that they are currently listed in the database and that they may choose to leave by sending an electronic message, this would not be a violation of the legislation.
The application of the new legislation as regards third party databases is different. Third party databases are those that are formed by larger institutions such as mobile operators and banks. These companies hold a significant bargaining position vis-ŕ-vis consumers and it is easier for them to obtain general authorization from consumers. These third parties then send commercial electronic messages on behalf of service providers. However, consumers generally do not understand the scope of the general authorization (a typical case of information asymmetry). The new legislation takes this factor into consideration. According to paragraph 4 of provisional article 1 of the Regulation, the service providers, on behalf of whom the third party databases had previously sent electronic messages, have the right to send one electronic message to consumers to ask for their explicit consent for the continuation of these messages. In the case of third party databases, the Regulation makes it clear that the silence of the consumer shall not be regarded as an implied consent.
The second important concept that is introduced by the new legislation is the right to reject (right to opt out). The new legislation provides that consumers who previously provided explicit consent to receive commercial electronic messages from certain service providers shall be given the right to opt out. These consumers shall be able to use this right whenever they want, freely and without having to show reasons.
Other than that, all service providers must include information to make themselves identifiable to consumers when sending commercial electronic messages.
The legislation draws up a strict legal framework and contains detailed rules and serious sanctions in relation to the sending of commercial electronic messages. Service providers who violate these rules will be sanctioned in accordance with Article 12 of the Law. Subparagraph (a) of paragraph 1 holds that service providers who are in violation of the rules regarding the sending of commercial electronic messages shall be subject to administrative fines between 1.000 TL and 5.000 TL. Paragraph 2 of the same Article further states that in the event of service providers sending illegal commercial messages to more than one party, the administrative fine shall be increased to up to ten times.
It is known that the mere presence of strict rules and sanctions would not be effective without efficient execution. When such rules, which are aimed at protecting consumers, are considered, it is generally the case that the efficiency of their execution depends on the participation of the consumers. Hence, for example, the applicability of the rules and the deterrent effects of the sanctions would increase if the service providers know that the consumers would report misconduct to the relevant authorities.
In many instances, the process of reporting misconduct leads to the creation of transaction costs and consumers often choose not to get involved. In order to remedy the transaction cost problem, the new legislation designed a very simple complaint mechanism. According to the Regulation, consumers may use the e-government website or the website of the Ministry of Customs and Trade to make complaints.
Although the legislation is relatively new, it seems that service providers will need to find new ways to reach consumers as sending commercial electronic messages to consumers will not be as easy as it used to be. The new legislation is an important step for the protection of consumers but the Turkish legislative framework could never be complete unless a general legislation concerning the protection of personal data is also introduced.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.