O
ne of the most common complaints from consumers is the persistent receipt of advertising messages which is called as commercial electronic messages (CEMs) in Turkish law for advertising or informational purposes sent by companies. Although legal efforts related to CEMs began in 2015, it’s challenging to say that these efforts have been entirely successful. In this context, the Personal Data Protection Board has provided hope for consumers with its recent decisions concerning the sending of CEMs without consent. The Board imposed significant fines on companies sending unsolicited CEMs, sending a clear message to those involved.
What Is a Commercial Electronic Message (CEM)?
A commercial electronic message (CEM) refers to data, voice, and image content transmitted through electronic means such as phones, call centers, faxes, automatic calling machines, smart voice recording systems, electronic mail, and SMS services for commercial purposes. This definition is outlined in the Regulation on Commercial Communication and Commercial Electronic Messages, which came into effect in 2015. It covers all communications and calls sent by companies or brands to consumers via electronic communication addresses for the purpose of marketing their goods or services, promoting their business, or providing information, announcements, and well-wishes to enhance their recognition. Even e-newsletters that provide updates on current developments should be included in this definition.
What Are the Conditions for Sending Commercial Electronic Messages?
According to the relevant regulation, companies must obtain explicit consent from consumers to send commercial electronic messages (CEMs). Furthermore, the consent obtained from consumers remains valid until the right to withdraw is exercised, as specified in the regulation.
Based on this regulation, sending CEMs to consumers requires obtaining clear consent from them first. Another requirement is granting consumers the right to withdraw their consent.
However, many companies try to circumvent this regulation by sending CEMs without consent while allowing consumers to exercise their right to refuse these messages. This practice, whether intentional or unintentional, is not only unlawful but also does not alleviate consumer complaints. Considering the inadequacy of inspections and penalties, we must acknowledge that the Regulation on Commercial Communication and Commercial Electronic Messages falls short in resolving the issue.
What Are the Personal Data Protection Board’s Decisions Regarding Commercial Electronic Messages?
The Personal Data Protection Board imposed a fine of 50,000 Turkish Liras (TL) on an anonymous company for making commercial calls for advertising/informational purposes without the explicit consent of the data subjects, based on a complaint submitted on May 31, 2019. The Board also interpreted multiple messages sent by an asset management company on the same subject as unsolicited CEMs, imposing a fine of 25,000 TL on the relevant company.
Legal regulations regarding sending CEMs require obtaining consent before sending such messages. The Personal Data Protection Law also mandates obtaining consent to record the individual’s data before sending a CEM. Consequently, in the case of sending unsolicited CEMs, questions about how the recipient’s information was obtained become paramount. While the Regulation on Commercial Communication and Commercial Electronic Messages focuses on how CEMs are sent, the Personal Data Protection Law addresses who the CEMs are sent to. In this regard, companies sending unsolicited CEMs are liable to face legal penalties both under the relevant regulation and the Personal Data Protection Law.
The Personal Data Protection Board has taken a concrete step by evaluating the sending of commercial electronic messages from a very appropriate perspective. It is clear that the Board, which actively conducts inspections and implementations, will engage in an effective fight against unsolicited CEMs.