New System Introduced By The Electronic Trade Legislation
With the Regulation Amending the Regulation on Commercial Communication and Commercial Electronic Messages (“Amendment Regulation”) published in the Official Gazette on 4 January 2020, amendments in the electronic commerce legislation that will to interest of all real or legal persons engaged in electronic commerce activities have entered into force. In this article, we will briefly examine what these changes are and what kind of obligations they bring for service providers.
Pursuant to the Law on the Regulation of Electronic Commerce numbered 6563 (“E-Commerce Law”) and the Regulation on Commercial Communication and Commercial Electronic Messages (“E-Commerce Regulation”), 'electronic commerce' can be defined as all kinds of online economic and commercial activities carried out in electronic environment without physical confrontation and 'commercial electronic message' is defined as data, audio and video messages sent for commercial purposes and carried out in electronic environment using tools such as telephone, call centers, fax, automatic dialing machines, smart voice recording systems, e-mail and short message service.
As known; all kinds of communication – birthday or special day celebrations, campaigns, discounts, new collection updates, etc. – performed by real or legal persons engaged in electronic commerce activities, namely service providers, with their customers or potential customers, whether they are consumers or not, are considered as a 'commercial electronic message' and the consent of the recipient is required before sending them such commercial electronic messages.
The E-Commerce Regulation regulates how the abovementioned consent will be obtained, the exceptional cases that do not require consent, the content of commercial electronic messages, the right of recipients to refuse to receive commercial electronic messages, the rights and obligations of intermediary service providers and the procedure for complaint applications to be made by recipients.
With the Amendment Regulation, a new concept called "commercial electronic message management system" was introduced to the E-Commerce Regulation. The commercial electronic message management system, briefly referred as “IYS”, allows obtaining commercial electronic message consent, exercising the right of refusal by the recipients and the management of complaint processes. Thus it is aimed to manage the commercial electronic message mechanism from a single center and to facilitate the inspection of service providers with the complaint procedure.
With the amendment, real and legal persons who want to send commercial electronic messages are obliged to register with the IYS and obtain a registration number. In addition, the possibility of obtaining the consent, which could be obtained in written form or by any electronic communication tool until the date of amendment, can now be obtained through the IYS. Additionally, all consents will be recorded with a timestamp in order for them to be tracked.
One of the most important amendment introduced herewith is that, regardless of how it was received, commercial electronic messages cannot be sent to recipients whose consent is not on the IYS. Additionally, unlike consents received physically or electronically, it is an advantage that the service provider does not bear the burden of proof about the consents taken
As it can be seen, in accordance with this new regulation, all service providers are obliged to register both themselves and the consents they receive to send commercial electronic messages, with the IYS. This is a crucial amendment for those operating in the field of electronic commerce. Yet it should be noted that, even if the consent is duly obtained from the recipient within the scope of the E-Commerce Regulation, failure to record this consent in the IYS renders the consent invalid.
Another amendment which has been introduced is that complaint applications regarding commercial electronic messages can be made through the IYS as well as the e-Government portal, the website of the Ministry of Commerce orthe provincial directorate. With this regulation, complaints about commercial electronic messages will be able to be examined by the provincial directorate primarily through the IYS.
So, how should service providers follow these amendments? The effective date of the amendments mentioned above is 1 September 2020. However,
i. consents previously obtained by the service providers within the scope of the E-Commerce Regulation shall be transferred to the IYS until 1 June 2020,
ii. Recipients shall check the consents submitted to the IYS until 1 September 2020.
In order for the recipients to perform this check, a message shall be sent by the service providers to the recipients including items such as, (i) the consent they have given previously has been transferred to the IYS, (ii) they should check the transferred consents through the IYS until 1 September 2020, (iii) otherwise these consents will be deemed valid and (iv) right to refuse the receipt of commercial electronic messages can be exercised through the IYS.
Accordingly, if the consents transferred to the IYS are not checked by the recipients, the said consents will be deemed valid and commercial electronic messages may be sent to such recipients.
The application process for service providers has commenced and the IYS will be available for service providers who have applied in March 2020. The consents received so far may be transferred to the IYS individually, in bulk or through technical integration. On the other hand, consents obtained through the IYS may be received through the call center, short message number and short link to be provided by the IYS within the scope of value-added services. Service providers should receive technical support, if needed, for both transferring the existing database and obtaining consents through the IYS.
While the technical difficulties and conveniences that the IYS will introduce are not certain at this stage, in terms of the personal data transferred to the IYS, the protection of personal data within the scope of the Law on the Protection of Personal Data numbered 6698 and the relevant legislation is an important aspect to be considered. Although IYS is defined as a national database system that will securely store the consents and personal data of recipients accordingly, service providers are obliged to take all necessary measures, primarily technical measures, to protect such personal data against leaks and unauthorized access. Otherwise, the Personal Data Protection Board may impose administrative fines on the service providers in question due to the failure to take technical measures and the unlawful processing of the personal data of the data subjects, and the affected persons will have the right to demand compensation. It should also be noted that violations of the provisions on the protection of personal data may be subject to criminal sanctions.
As a result, all real and legal persons who want to send commercial electronic messages shall register with the IYS by 1 September 2020 at the latest. Moreover, since the consents received from the recipients to date needs to be transferred to the IYS until 1 June 2020 and the recipients must check these consents until 1 September 2020, service providers shall in any case register with the IYS by 1 June 2020 at the latest, submit the previously received consents to the IYS and send a message to the recipients to check their consent. Otherwise, service providers will not be able to send or have commercial electronic messages sent even if they have previously obtained consent from the recipients within the scope of the E-Commerce Regulation. Administrative fines may be imposed on those who violate these provisions in accordance with Article 17 of the E-Commerce Regulation.