Current State of the Amended Regulation on Commercial Communication and Commercial Electronic Messages
I. What is the Scope of the Regulation on Commercial Communication and Commercial Electronic Messages?
Regulation on Commercial Communication and Commercial Electronic Messages (“Regulation”) regulates commercial electronic messages sent by service providers and the intermediary service providers, who initiate the commercial electronic message transmission at the service provider's instructions, to the recipients located in Turkey.
Service provider/intermediary service provider may be a natural or legal person.
“Commercial electronic messages” are-mails, SMS and phone calls sent/made to the recipients by the service providers to promote, advertise and/or remind their business/products/services. Push notifications and in-app ads are not within the scope of the Regulation.
Regulation foresees three regimes with respect to the recipient groups. (i) If the recipient is a merchant/craftsman, service providers are not obliged to obtain permission to send commercial electronic messages but must provide them an option to opt-out. (ii) If the recipient is a customer who has provided its contact information while it was directly receiving service provider’s product and/or service before May 1, 2015 but who has not given its permission to receive commercial electronic messages, they may be considered as “permissioned”. (iii) The third regime regards recipients who are not merchants/craftsmen and who has given their permission to receive commercial electronic messages from the relevant service provider.
Regulation also defines certain exceptions for electronic messages which do not require permission, including electronic messages regarding change, use or maintenance of the provided product/service.
II. What are the New Provisions Brought by the Amended Regulation on Commercial Communication and Commercial Electronic Messages?
With the amendment made on the Regulation on Commercial Communication and Commercial Electronic Messages on January 4, 2020, Turkish Commercial Electronic Message Management System (“CMMS”) has been introduced.
Entities wishing to send electronic commercial messages to recipients located in Turkey are now under the obligation to register to the CMMS and align their relevant activities with the amended Regulation.
The main functions of the CMMS are: (i) obtaining commercial electronic message permissions, (ii) using the right to opt-out by recipients, and (iii) managing the complaints regarding unsolicited commercial electronic messages. Whether the recipient has provided permission or not shall be confirmed through the CMMS, prior to the sending of the messages.
The service providers and the intermediary service providers that initiate the commercial electronic message transmission at the service provider's instructions are obliged to check through the CMMS whether the recipient has provided permission for the communication or not. It is forbidden to send messages to people who do not appear to have given permission over the CMMS.
In addition to the new provisions on the CMMS, amendments on (i) phrases specifying intermediary service providers in the message, (ii) obligation to retain records regarding permissions and messages and (iii) information to be provided to recipients during voice calls have also been introduced.
III. Are the entities that are not located in Turkey also obliged to register to the CMMS within the scope of the Regulation?
Yes. Whilst the procedure for foreign entities was not clear, recent information published at the official website of the İleti Yönetim Sistemi A.Ş. (entity conducting CMMS operations) has clarified this issue as follows;
“It is considered that real or legal entities, whether located in Turkey or abroad, who wish to send commercial electronic message must comply with the legislation and register to CMMS. Accoringly, entities not located in Turkey but sending commercial electronic messages to recipients in Turkey must send their apostilled commercial activity certificate and authorization certificate of the authorized person for the registration to firstname.lastname@example.org. Same documents must be sent to the central office address of İleti Yönetim Sistemi A.Ş. via post.”
Therefore, entities located abroad, who send commercial electronic message to the recipients in Turkey, are under the obligation to register to the CMMS and to comply with the Regulation’s requirements accordingly.
IV. What are the Deadlines?
June 1, 2020 was the deadline for local and foreign entities to register to the CMMS and from September 1, 2020, it was going to be mandatory to check the permission status of recipients over the CMMS before sending the messages. However, Ministry of Trade, having the power to delay this deadline for 3 months, has prolonged the deadlines foreseen by the Regulation. On May 23, 2020, Ministry of Trade announced that the deadlines have been extended for 3 months, such that (i) the deadline for June 1, 2020 has been moved to September 1, 2020; and (ii) the deadline for September 1, 2020 thereof to December 1, 2020.
Accordingly, after being registered, service providers shall upload their existing permissioned databases to the CMMS by the end of September 1, 2020. Afterwards, recipients shall be able to use their right to opt-out from the CMMS.
As of December 1, 2020, the recipients who did not opt-out shall be considered as legally permissioned. In other words, the recipients who did not opt-out before this date will be considered to grant permission to commercial messages. Please note that recipients may freely opt-out after this date as well.
After December 1, 2020, it will be mandatory to check the permission status of the recipients over the CMMS before sending the messages. Also, approvals received by a method other than CMMS will have to be reported to the CMMS within three working days, and permissions that are not reported to the CMMS within this period will be considered as invalid. Service providers shall also notify the opt-outs to the CMMS within three working days.
V. What to do Next?
First, companies falling within the scope of the Regulation (as explained above) must be registered to the CMMS.
Registration form requires an e-mail address belonging to a designated contact person to which an activation code shall be sent. After entering this code, registration process shall start. Local entities shall enter (i) their MERSIS number and (ii) the identity number of the authorized person. When the MERSIS number of the company and the identity number matches, pre-application form shall appear which is filled automatically by the system. After entering remaining information, a verification code shall be sent and the service provider shall be able to download an undertaking on the use of main features of CMMS (“Undertaking”). This Undertaking shall be signed with the electronic signature of the relevant authorized person and then, an application code shall be delivered to be used for monitoring the process. When the information and documents presented during the application are all verified, service provider shall be able to use its CMMS account.
For foreign entities, their (i) circular of signature, (ii) trade registry certificate/commercial activity certificate and (iii) signed version of the Undertaking shall be required to be registered.
Since the permissioned databases shall be transmitted to the CMMS afterwards, a prior work shall be conducted in order to evaluate whether the current commercial electronic messaging permissions are obtained in compliance with the local law or not. Only the permissions that are obtained in compliance with the local law must be transmitted to CMMS. It should be noted that service providers may divide their permissioned database with respect to their trademarks/brands.
When the platform is opened for registered service providers in order for them to upload their permissioned database; (i) data on recipient’s relevant contact information (phone number/e-mail address), (ii) channel for which recipient has given its permission, (iii) channel through which recipient has given its permission and (iv) date of permission shall be entered (among other entries). Processes regarding the data entry is yet to be clarified.