The rapid expansion in electronic communications and electronic commerce over the past several years has led to raised concerns as to how to ensure, in the most efficient way, the protection of personal data in relation to direct marketing. In today’s world, improvements in electronic communications have led to the practice of direct marketing being engaged with by businesses of all sizes. It is a form of advertising, in which physical marketing materials are provided to consumers in order to communicate information about a product or service. The communication itself may be in any format, and may include postal mail, telemarketing, mobile phone numbers, web browser cookies, direct e-mail marketing, and point-of-sale (POS) interactions. Since these marketing messages are addressed directly to customers, the marketers are able to address the members of a target market. In this field, protection of personal data constitutes an issue.
Current Laws and Regulations governing data protection in Direct Marketing Activities:
In 2000, the Turkish Government commissioned the “Telecommunication Council” as the institution responsible in the main for regulating the Telecommunication Sector. Subsequently the name of the Council was changed to the “Information Technologies and Communication Institution”. Under the control of said Council and Institution, some regulations relating to Data Protection and Privacy have been enacted, namely the “Regulation on Personal Data Processing and Protection of Privacy in the Telecommunication Sector” and the “Electronic Communication Law“. Both regulations contain similar principles regarding data protection.
According to Article 20 of the Regulation on Personal Data Processing and Protection of Privacy in the Telecommunication Sector, personal data must not be obtained and processed/used in terms of communicating measures without the express consent of the subscriber In addition, individuals should always be able to unsubscribe whenever they wish by having easy access to an opt-out regime.
The Electronic Communication Law also regulates the same subject in Article 50 stating that, in the case where the subscriber does not give prior consent, the subscriber is entitled to object to the automated incoming calls, e-mails, faxes and short message services easily and cost free.
Draft Laws (still under review) to govern protection of personal data:
Draft Law on protection of Personal Data
Despite the aforementioned regulations, Turkey has no specific regulation concerning data protection and privacy. However, during the National Program for the Harmonization of Turkish Legislation with European Union Law, Turkey addressed the data protection issue by following the same pattern as adopted by the European Union. In 2003, the Turkish Ministry of Justice tabled a Draft Law on protection of Personal Data (hereinafter referred as “Draft Law”) in accordance with Agreement 108 of the EU Convention for Protection of Individuals with Regard to Automatic Data Processing, to which Turkey is a signatory, and the European Union Data Protection Directive 95/46/EC. The review process at the relevant commission of the Parliament has not yet been completed having been in process since 2008. Going further than the EU Data Protection Regulations, the abovementioned Draft Law is applicable both to individuals and legal entities, aiming to protect the right of personality and the fundamental rights of persons who are the subjects of data processing. The Draft Law also governs the protection of personal data and fundamental rights and freedoms, the processing of personal data, including purpose specification, proportionality, accuracy and retention limitation. Moreover, it sets up rules for processing the personal data among which are included measures concerning consent and compliance with a legal obligation.
E-Commerce Draft Law
In addition to the Draft Law, the E-Commerce Draft Law deals with data protection issues relating to Electronic Commerce. After a first attempt on December 2010, the E-Commerce Draft Law was sent to Parliament again onOctober 2011. Its review by the Trade and Industry Commission of the Parliament has begun, and it is predicted to be enacted very soon.
The E-Commerce Draft Law establishes regulations on online shopping, commercial communications, and conditions relating to the sending of electronic mails and methods of messaging. The application of this regulation directly affects service providers and protects data privacy of individuals.
The E-Commerce Draft Law consists of 14 articles, and the majority of the articles concern commercial communication. The provision in article 3 specifically imposes an obligation on service providers to provide any necessary information to the consumer before entering into an agreement.
According to Article 5, the sender of the electronic message has to provide specific introductory information about itself. If the message is promotional marketing, it should include all the details and conditions of the promotion. Here, the criterion is that the consumer should not feel it necessary to request any further information about the promotion.
Prior consent / Opt-in
Following the implementation of the above, commercial electronic messages must not be sent without the prior consent of the consumer, providing for a so called ‘opt-in’ regime, in compliance with Article 6. As in the European Union’s System, Turkey will also adopt an opt-in regime, in which one has to get the explicit consent of the consumer before sending any type of electronic message, rather than an ‘opt-out’ regime in which the consumer has the right to reject receiving the messages after receipt of the first message. This means that the consumer’s information will be stored in the database at his/her own request.
Pursuant to Article 7 of the E-Commerce Draft Law, the content of the commercial electronic message should comply with conditions covered by any prior consent. As well as this, another company cannot send any kind of message by using any other company’s database even where prior consent of the customer has been directly obtained. In addition to this, the consumer must be able to see all of the sender’s details such as their phone number and address. Therefore, within the scope of the E-Commerce Draft Law, personal data may only be collected, stored and used pursuant to the obtaining of the explicit consent of the data subject. As is currently the case, consumers are entitled to object to receiving such messages without offering any reason for doing so. After receiving such an objection, the sender must stop sending messages to the consumer within 3 days.
The service provider is obliged to protect personal data, and not to share such data with third parties without the permission of the consumer (according to Article 10).
Proposed penalties
The E-Commerce Draft Law sets forth various punitive measures in Article 12. The Ministry of Industry and Trade may impose a penalty which varies from 1.000 TRY (approx. 400 EUR) to 50.000 TRY (approx. 20.000 EUR).
As mentioned above, Article 50 of the Electronic Communication Law does not contain any sanctions regarding unsubscribing. However, when the E-Commerce Draft Law enters into force, drastic changes and development in the Electronic Communication Law will be introduced by allowing for the imposition of sanctions for the violation of this Article. Where a violation occurs, administrative fines varying from 10.000 TRY (approx. 3.000 EUR) to 100.000 TRY (approx. 30.000 EUR) may be imposed.
In conclusion, as a result of its awareness of the importance of data protection, the Turkish Government is committed to the taking of any further action necessary. Although there is no specific regulation yet in Turkey, after the enactment of both the Draft Law and the E-Commerce Draft Law discussed above, Turkey will have greater protection for personal data in relation to direct marketing. It seems, therefore, that any attempt to accelerate the process of ensuring that the regulations enter into force, may aid in ensuring that Turkey reaches European standards, and may consequently ensure that any required harmonization is more likely to be achieved.
