Turkey: Recent Amendments to the Regulation on Internet Mass Use Providers

A new Regulation on Internet Mass Use Providers ("Regulation") was published in the Official Gazette on 1 April 2017, and entered into force on the same date.^[1] The Regulation was enacted based on Article 11 of Law No. 5651 on the Regulation of Broadcasts via the Internet and Prevention of Crimes Committed through Such Broadcasts ("Law"), and sets out the liabilities, obligations and auditing processes of Internet mass use providers.

The amendments are not major or extensive, but they nevertheless impose wider obligations on Internet mass use providers, which are defined as "real persons or legal entities providing the opportunity to the public to use the Internet at a certain place and in a certain period of time." It should be noted that this definition is extensive; for instance, an employer providing Internet use at its workplace might also fall thereunder. As stated above, there are new obligations imposed on the Internet mass use providers. According to the public statement of the Information and Communication Technologies Authority ("ICTA") dated 11 April 2017^[2], to protect children from unlawful and unethical contents on the Internet, Internet mass use providers are obliged to use a filtering system to prevent access to unlawful content, keep access logs, and store them electronically on their systems for 2 years. Moreover, in case it is demanded by consumers, the right to demand and obtain secure Internet services (in addition to the filtering system) is included in Article 4 of the Regulation. Secure Internet services are regulated by ICTA, and these services should be provided by Internet service providers free of charge to their subscribers.

Additionally, public domain Internet mass use providers are obliged by the amendment to build a system that identifies its users with various methods, such as short message service (SMS). To comply with this provision, an Internet user might be forced to provide its phone number to the Internet mass use provider, for the identification of the relevant subscriber. Therefore, the Regulation introduces certain specific technical measures for Internet mass use providers. 

The following liabilities are set forth in Article 5 of the Regulation, entitled "Liabilities of Internet mass use providers for commercial purposes"

• to keep the content filtration system active and up-to-date and to prevent the shutdown of the filtration system which is being used,
• to notify the local authorities about the changes of static IPs within 15 days,
• to keep access logs and to store them electronically on their systems for 2 years,
• to notify the local authorities about the closure or transfer of the workplace and to deliver the license within 15 days in accordance with the Regulation No. 2005/9207 on Establishing Business and Working Licenses, dated 14 July 2005.

Article 10 of the Regulation stipulated that the local authorities were responsible for auditing Internet mass providers. With the amendment, this duty passes to a commission which will be established within the body of the local authorities. Therefore, the following statement has been added to Article 10: "At least three members of the commission should carry out the auditing process. As a result of the audit, a report should be written and signed by the members in attendance. A copy of the report should be given to the owner or the manager of the workplace should acknowledge the receipt of the report by signing for it." The lower limit of the administrative sanction for Internet mass use providers was reduced with the amendment to Article 11. The former article only set forth an administrative fine. However, the new article prescribes "a written warning for the first breach, a cessation of commercial activities for up to 3 days if the breach continues, and an administrative fine ranging from a thousand Turkish Liras to fifteen thousand Turkish Liras, if the breach is repeated."

In addition, the Prime Minister had been responsible for the supervision of the enforcement of the Regulation. With the amendments, this duty is transferred to the President of the Information and Communication Technologies Authority.

In conclusion, with the amendment, the Regulation has been adapted to the Law, while imposing additional obligations and liabilities on Internet mass use providers. Considering the fact that the definition of Internet mass user providers is far-reaching, the amendments might be relevant to a large section of the public.