ur unsolved problem: unauthorized advertisements, promotional messages, emails, phone calls… Although the details and implementation conditions are not yet clear, we can say that an important step has been taken in solving the problem with the Commercial Electronic Message Management System- İleti Yönetim Sistemi (İYS) regulated by the Regulation on Commercial Communication and Commercial Electronic Messages within the framework of the Personal Data Protection Law (KVKK). Whether it is applicable or not, we will see together in the coming times. However, it is worth noting that service providers have been given time until June 1, 2020, to register in the database of the Commercial Electronic Message Management System (İYS).
Let’s take a closer look at the Commercial Electronic Message Management System
In 2014, with the enactment of the Electronic Commerce Regulation Law, a regulation was made to obtain consent from recipients before sending commercial electronic messages. However, this regulation was understood as “commercial electronic messages can be sent to recipients who do not reject them,” and the problem was not resolved. It should be noted that the issue gained a bit more seriousness in the public eye with the decisions of the Personal Data Protection Board regarding unauthorized sending of commercial electronic messages and the sanctions imposed from a personal data perspective. However, to definitively resolve the issue, technical regulations and a common platform were required to prevent the sending of commercial electronic messages without consent and to allow recipients to withdraw their consent if they had given it. The Message Management System aims to provide a solution to these gaps.
What Is a Commercial Electronic Message?
According to the Regulation on Commercial Communication and Commercial Electronic Messages, any communication sent via electronic means such as telephone, call centers, faxes, automatic dialing machines, smart voice recording systems, electronic mail, short message services, which are intended for commercial purposes and contain data, voice, or visual content, is defined as a commercial electronic message.
According to this definition, messages sent by service providers to the electronic communication addresses of recipients with the aim of promoting, marketing, introducing their goods and services, or increasing their recognition with contents such as greetings and wishes, are considered as commercial electronic messages.
How Is a Commercial Electronic Message Sent?
Before sending a commercial electronic message, consent must be obtained from the recipients. This consent can be obtained in writing with a wet signature or through any means of communication in electronic form. It is essential to note that service providers have the obligation to prove that consent has been obtained. Therefore, when obtaining consent through “any means of communication,” it is crucial to use methods that will fulfill the burden of proof. In the consent received from the recipient, a positive statement of will indicating the recipient’s acceptance of receiving commercial electronic messages, along with the recipient’s name, surname, and electronic communication address, must be included, whether in physical or digital form. Furthermore, it has been regulated with an amendment dated January 4, 2020, that this consent can also be obtained through the İYS.
Commercial electronic messages cannot be sent to recipients who have not given their consent. The right to withdraw consent is always available to recipients, and the necessary means must be provided to recipients to exercise this right. It should be emphasized that sending commercial electronic messages to recipients who have not given prior consent and offering an option to reject such messages in these messages is a highly incorrect practice.
What Should Be Included in the Content of a Commercial Electronic Message?
First and foremost, the content of a commercial electronic message must be in line with the consent obtained from the recipients. In this regard, it should be underlined that the information must be provided correctly and clearly in the consent obtained from the recipients.
In the title or content of the commercial electronic message, the trade registration number and trade name for merchants, and the name and surname with the Turkish Republic ID number or tax identification number for craftsmen should be included. For commercial electronic messages sent via SMS, the MERSIS number for merchants and the name and surname with the Turkish Republic ID or tax identification number for craftsmen should be included. In voice calls, the trade name for merchants and the name and surname for craftsmen should be stated.
According to the relevant regulation, in the content of the commercial electronic message, the brand or business name can also be included in addition to the above. Furthermore, it is specified in the regulation that at least one of the contact information of the service provider (commercial entity), such as phone number, fax, SMS number, and email address, must be included.
If the nature of the commercial electronic message cannot be clearly understood from its content, an indicative phrase determining its nature, such as promotion, campaign, and information, must be included in the message. This phrase should be clearly stated at the beginning of the message for messages sent via SMS, in the subject section for messages sent via email, and at the beginning of the conversation for voice calls.
If the commercial electronic message includes promotions, gifts, promotional competitions, or games, this should be clearly indicated in the message. The validity period of promotions, the conditions that the recipient must fulfill to benefit from them, should be presented in a clear and unequivocal manner through methods that can be easily accessed, such as a URL address specific to these matters or a customer service number.
When Is Consent Not Required?
According to the Regulation on Commercial Communication and Commercial Electronic Messages, there is no requirement to obtain consent separately for commercial electronic messages related to changes, usage, maintenance, reminders of debt, information updates, purchase and delivery, or similar situations regarding goods or services for which the recipient has provided their contact information to be contacted.
Consent is also not required for the transmission of commercial electronic messages related to legal obligations imposed on service providers. As an example of this situation, we can mention the obligation to notify the receipt of an order, which was introduced by the Electronic Commerce Regulation Law. However, it should be noted that, according to the regulation, in such notifications, no encouragement or promotion of any goods or services can be made.
Consent is not mandatory for sending commercial electronic messages to the electronic communication addresses of recipients who are merchants or craftsmen. However, the registration of the electronic communication addresses of merchants and craftsmen in the İYS is mandatory, and if merchants and craftsmen exercise their right to reject, commercial electronic messages cannot be sent without obtaining their consent. It is also specified in the regulation that it will be determined whether merchants and craftsmen have used their right to reject through their records in the İYS.
Finally, consent is not required for commercial electronic messages sent for informational purposes to customers by companies engaged in brokerage activities in accordance with the capital market legislation.
Who Cannot Send Commercial Electronic Messages without Consent?
First of all, it should be noted that there is a contradiction between legal regulations regarding who is within the scope of the obligation, and clarity is needed on this issue.
The Electronic Commerce Regulation Law, which made the first regulation about commercial electronic messages and came into effect in 2014, covers e-commerce service providers and intermediary service providers (marketplace applications). However, the law generally regulates the sending of commercial electronic messages, and it is not clear from the wording of the law that this obligation is only imposed on e-commerce service providers.
The Regulation on Commercial Communication and Commercial Electronic Messages states that it covers all communications made through electronic communication tools. This scope includes not only e-commerce service providers but also all commercial businesses.
Furthermore, the regulation states that commercial electronic messages sent by operators within the scope of the Electronic Communications Law, foundation universities, and professional organizations and associations are excluded from the scope of the regulation.
Considering all these regulations together, it can be assumed that the rules regarding the sending of commercial electronic messages are regulated within the framework of the legislation that includes all commercial businesses, whether they engage in e-commerce or not. However, it is important to note that the relevant regulations were made in 2014, and as of today, all businesses send electronic commercial messages, whether they engage in e-commerce or not, and the rules regarding commercial electronic messages do not emphasize e-commerce.
What Is the Commercial Electronic Message Management System (IYS)?
The Commercial Electronic Message Management System (IYS) is defined as a system that enables obtaining consent for commercial electronic messages, using the right to reject, and managing complaint processes. The İYS aims to create a common platform that brings together service providers and recipients.
Recipients can give consent for commercial electronic messages, revoke previously given consents, and file complaints against service providers through the IYS.
Service providers must upload the consents they have obtained for sending commercial electronic messages to the IYS database by June 1, 2020. At the end of June 1, 2020, recipients will be informed that their consents have been uploaded to the IYS and that they should check their consents by September 1, 2020. If they do not check, their consents will be considered valid, and it will be explained that they have the right to reject through the IYS. Until September 1, 2020, recipients who do not check their consents will be assumed to have given consent. However, recipients have the right to reject commercial electronic messages at any time, even after these deadlines.
After the specified transition period ending on September 1, 2020, service providers can send commercial electronic messages only through the IYS and only to recipients who have given their consent. The burden of proof for consents obtained by businesses and uploaded to the İYS database by June 1, 2020, belongs to the service providers. However, after the IYS system is implemented, the burden of proof that consent has been obtained will be provided through the IYS.
Integration, registration, and processing details of the system have not yet been clarified, but in general, we can say that a constructive step has been taken. We hope that with this system, which is important in terms of the principles of personal data protection, transparency will be achieved for all parties involved, and significant progress will be made in solving the problem of commercial electronic messages.