
15.06.2020

Electronic Commercial Messages In Turkey: FAQs On Registration Requirement Before The "Commercial Electronic Message Management System" For Non-Resident Service Providers

1. REGULATORY FRAMEWORK

1.1. What is the regulatory framework applicable to commercial electronic messages sent to recipients located in Turkey?

The Law on the Regulation of Electronic Commerce numbered 6563 [1] ("E-Commerce Law") and the Regulation on Commercial Communication and Commercial Electronic Messages [2] ("Regulation") constitute the regulatory framework applicable to commercial electronic messages sent to recipients located in Turkey. In addition, since personal data processing will often be carried out in the course of marketing activities, the provisions of the Law on Protection of Personal Data numbered 6698 should be taken into consideration.

1.2. Which entities are within the scope of the Regulation?

Legal entities or real persons (service providers) residing in Turkey or abroad, wishing to send electronic commercial messages to the recipients located in Turkey and the intermediary service providers who initiate the commercial electronic message transmission at the service provider's instructions are within the scope of the Regulation.

Please note that this FAQ regards service providers' obligations and that intermediary service providers that initiate the commercial electronic message transmission at the service provider's instructions are also regulated under the E-Commerce Law and the Regulation.

1.3. What is a commercial electronic message? Does the term apply only to marketing electronic messages, or does it cover transactional messages too (e.g., SMS code in the context of account registration)?

According to the Regulation, commercial electronic messages are defined as messages containing data, audio or visual content, transmitted electronically for "commercial purposes", by making use of mediums such as telephone, call centers, fax, automated calling machines, smart voice recording systems, e-mail and short message services.

In other words, commercial electronic messages are e-mails, SMS and phone calls sent/made to the recipients by the service providers to promote, advertise and/or remind their business/products/services. This promotional intention is interpreted broadly. For example, birthday messages or holiday greetings are considered sent with commercial intent as they increase brand value and loyalty in the eyes of the recipient.

Pursuant to the Ministry of Trade's non-binding interpretation, push notifications and in-app ads are not within the scope of the Regulation/commercial electronic messages legislation. However, it should be noted that push notifications and in-app ads are not explicitly excluded from the application of the Regulation.

The following message types are not within the scope of the Regulation:

  • Commercial electronic messages sent by operators within the scope of Electronic Communication Law numbered 5809 and dated 5/11/2008 to exclusively promote and market their own products and services or their business to their subscribers and users,
  • Messages sent by foundation universities and other private education and training institutions to their students and their parents,
  • Messages sent by public occupational organizations, associations that are beneficial to the public and tax-exempt foundations to their members regarding the activities of their own commercial businesses,
  • Information messages regarding broadcasting services made by radio and television broadcasting organizations in order to inform and educate the public in accordance with the provisions of the Law on the Establishment of Radio and Television Enterprises and Their Media Services numbered 6112 and dated 15/2/2011,
  • Messages sent by the government, local administrations, and other public legal entities to inform the public,
  • Messages sent via physical means, e.g. messages sent via courier.

1.4. When do we need to obtain the recipient's permission in order to send commercial electronic messages?

As a general rule, the permission of the recipient should be obtained in order to send commercial electronic messages. Since the Regulation does not foresee a soft opt-in regime, service providers must obtain such recipients' permission in advance and in accordance with the Regulation and relevant legislation [3].

The Regulation also defines certain exceptions for electronic messages that do not require permission:

  • Commercial electronic messages sent to merchants and craftsmen. Therefore, if the recipient is a merchant/craftsman, service providers are not obliged to obtain permission to send commercial electronic messages (until/if opted-out).
  • Electronic messages regarding change, use or maintenance of the provided product/service where the recipient has provided her/his contact information for communication. 
  • Messages including notifications on ongoing subscription, membership or affiliate status, as well as collection, debt reminder, update information, purchase and delivery or similar occasions.
  • Commercial electronic messages sent to customers by brokerage firms in accordance with the legislation on the capital market.

2. REGISTRATION OBLIGATION OF THE SERVICE PROVIDERS BEFORE THE COMMERCIAL ELECTRONIC MESSAGE MANAGEMENT SYSTEM ("IYS")

2.1. What is the Commercial Electronic Message Management System ("IYS")?

With the amendment made to the Regulation on January 4, 2020, the Turkish Commercial Electronic Message Management System ("IYS") was introduced.

Service providers wishing to send electronic commercial messages to recipients located in Turkey are under the obligation to register before the IYS and align their relevant activities with the amended Regulation. The deadline for registration is September 1, 2020 [4].

2.2. What sort of functionalities does IYS offer to recipients?

The main functions of the IYS are: (i) obtaining commercial electronic message permissions, (ii) using the right to opt-out by recipients, and (iii) managing the complaints regarding unsolicited commercial electronic messages. Whether the recipient has provided permission or not shall be confirmed through the IYS, prior to the sending of the messages.

2.3. Who is expected to register with IYS?

Legal or real persons (service providers) wishing to send electronic commercial messages to recipients located in Turkey are now under the obligation to register to the IYS and align their relevant activities with the Regulation. Both local and foreign entities falling within this scope are expected to register to the IYS and provide certain information about their permissioned recipient lists.

2.4. Are foreign service providers sending commercial messages to recipients located in Turkey expected to register?

Yes. With respect to service providers located abroad, Ileti Yönetim Sistemi A.S. (the entity conducting IYS operations) has clarified this issue on its official website as follows:

"It is considered that real persons or legal entities, whether located in Turkey or abroad, who wish to send commercial electronic messages must comply with the legislation and register to IYS. Accordingly, entities not located in Turkey but sending commercial electronic messages to recipients in Turkey must send their apostilled commercial activity certificate and authorization certificate of the authorized person for the registration to bilgi@iys.org.tr. The same documents must be sent to the central office address of Ileti Yönetim Sistemi A.S. via post."

Therefore, entities located abroad that send commercial electronic messages to recipients in Turkey are indeed under the obligation to register to the IYS and to comply with the Regulation's requirements accordingly.

2.5. Are there any exemptions for the registration requirement?

Please see Answer 1.3. Service providers sending messages that are not within the scope of the Regulation shall also not be obliged to register to the IYS.

2.6. If service providers address direct marketing messages to companies in Turkey, and not to any individuals, are they still obliged to register?

Yes. Even though companies benefit from the exemption foreseen for merchants/craftsmen and no prior opt-in is needed for them, service providers are still under the obligation to register to the IYS by September 1, 2020 and to upload the recipients' communication addresses to the IYS before sending commercial electronic messages.

2.7. What are the steps/stages of the registration?

The first step of the registration form requires an e-mail address belonging to a designated contact person, to which an activation code shall be sent. After this code is entered, the registration process shall start.

Local service providers should enter (i) their MERSIS number and (ii) the identity number of the authorized person. When the MERSIS number of the company and the identity number match, a pre-application form, filled in automatically by the system, shall appear. After the remaining information is entered, a verification code shall be sent and the service provider shall be able to download an undertaking on the use of main features of IYS ("Undertaking"). This Undertaking shall be signed with the electronic signature of the relevant authorized person and then an application code shall be delivered, to be used for monitoring the process. When the information and documents presented during the application are all verified, the service provider shall be able to use its IYS account.

Foreign service providers are required to submit the following documentation: (i) circular of signature, (ii) trade registry certificate/commercial activity certificate and (iii) signed version of an undertaking on the use of main features of IYS.

If the registering service provider wishes to separate its permissioned database by trademark/brand (which is not mandatory), it must enter its trademark(s) and the number of registered permissioned electronic contact addresses for each relevant trademark. Service providers may use the section "add trademark" (where a trademark registration certificate is not mandatory) and/or update the current state of their trademark(s) after the registration.

2.8. IYS requires companies to upload their "permissioned recipients" to the system. How will this requirement be fulfilled? Which information do companies need to upload to the IYS? Does it require personal information to be shared?

As matters currently stand, service providers are expected to upload the following data (among other entries): (i) the recipient's relevant contact information (phone number/e-mail address), (ii) the channel for which the recipient has given permission, (iii) the channel through which the recipient has given permission and (iv) the date of permission. It should be noted that the data entry processes are yet to be clarified and the required datasets may be different once the relevant interfaces are opened for upload.

2.9. Are there any fees applicable for registration with IYS?

The basic registration with IYS is free. Basic registration allows access to main services offered by the IYS such as querying, communication of opt-in/opt-out requests by recipients and reporting. However, service providers wishing to acquire additional value-added services (e.g. API integration, advanced agency/dealer functionalities, option to collect opt-ins over IYS) will be required to purchase paid service packages from IYS. The details, fee amounts, and the payment model of these value-added programs have not been published yet.

2.10. Is the registration in English or Turkish or both?

IYS's portal is currently only in Turkish.

2.11. What is the sanction for not being registered to IYS?

Service providers not registered to the IYS cannot upload their permissions to the IYS. The E-Commerce Law and the Regulation state that permissions not uploaded to the IYS shall be deemed invalid. Therefore, existing and future permissions shall be invalid (due to not being uploaded to the IYS).

Consequently, sending commercial electronic messages without valid permission shall constitute a violation of the E-Commerce Law and the Regulation and may result in administrative fines from 1,899 up to 9,514 Turkish Liras. If a service provider sends commercial electronic messages without permission to multiple recipients at once, the relevant administrative fines shall be calculated at up to 10 times the relevant amount.

Additionally, failure to cease sending messages to a recipient who has opted-out within 3 working days (which may occur due to not checking the permission status of the recipient from the IYS) may result in administrative fines from 3,799 up to 28,544 Turkish Liras.

3. AFTER REGISTERING TO THE COMMERCIAL ELECTRONIC MESSAGE MANAGEMENT SYSTEM ("IYS")

3.1. How does the registration work in conjunction with opt-out requests? Do companies need to constantly check the opt-in status of the recipients over the IYS?

Two obligations shall be applicable within the scope of opt-outs: (i) after December 1, 2020, it will be mandatory to check the permission status of the recipients over the IYS before sending the messages and (ii) service providers shall notify the opt-outs (transmitted by the recipient directly to the service provider itself) to the IYS within three working days. Please note that if the recipient uses its right to opt-out directly from the IYS, the service provider's sole responsibility within the scope of opt-outs shall be the one defined above under (i).

Please note that for recipients whose permissioned data have been uploaded to the IYS, service providers' obligation to check such recipients' permission status shall start without waiting for December 1, 2020 (in other words, this obligation to check shall apply during the period between the uploading date and December 1, 2020).

The obligation to check the permission status concerns recipients who are (i) individuals/consumers and (ii) merchants and craftsmen. For the following messages, since the Regulation does not foresee an opt-out regime, it is not necessary to check the status:

  • Electronic messages regarding change, use or maintenance of the provided product/service where the recipient has provided her/his contact information for communication. 
  • Messages including notifications on ongoing subscription, membership or affiliate status, as well as collection, debt reminder, update information, purchase and delivery or similar occasions.
  • Commercial electronic messages sent to customers by brokerage firms in accordance with the legislation on the capital market.

3.2. What is the compliance framework after being registered to the IYS?

After the obligations to register and to upload the above-explained databases to the IYS have been complied with, the obligation to check the permission status of the recipients over the IYS shall continue perpetually.

In addition to these obligations, service providers must comply with the following:

  • Permissions received by a method other than IYS will have to be reported to the IYS within three working days. Please note that permissions that are not reported to the IYS within this period will be considered as invalid.
  • Service providers shall also notify the opt-outs to the IYS within three working days.
  • Commercial electronic messages must include certain elements and information as defined under the Regulation (including information on the service provider and an option to opt-out as further regulated).
  • While the following messages do not require the prior permission of the recipient, a service provider sending messages based on these exceptions shall notify the intermediary service provider of which exception it is relying on when sending messages without prior permission:
    • Electronic messages regarding change, use or maintenance of the provided product/service where the recipient has provided her/his contact information for communication,
    • Messages including notifications on ongoing subscription, membership or affiliate status, as well as collection, debt reminder, update information, purchase and delivery or similar occasions,
    • Commercial electronic messages sent to customers by brokerage firms in accordance with the legislation on the capital market.
  • Complaints regarding commercial electronic messages can be made through the IYS. In addition to complaints that can be made through the e-Devlet (turkiye.gov.tr), the website of the Ministry of Trade and the provincial directorate at the place of residence of the complainant, the recipients can also report their complaints through the IYS.
  • Permission records must be retained starting from the date of expiration of the validity of the permission, and other records regarding delivery of messages must be retained (starting from the date of the record), for three years.

Footnotes

1. Law on the Regulation of Electronic Commerce dated October 23, 2014 and numbered 6563; published in the Official Gazette dated November 5, 2014 and numbered 29166; entered into force as of May 1, 2015.

2. Regulation on Commercial Communication and Commercial Electronic Messages published in the Official Gazette dated July 15, 2015 and numbered 29417; entered into force as of July 15, 2015.

3. Permission should also be in line with the Personal Data Protection Law numbered 6698.

4. The former deadline was June 1, 2020 (as foreseen by the Regulation). However, the Ministry of Trade, having the power to delay this deadline for 3 months, has prolonged the deadlines foreseen by the Regulation. On May 23, 2020, the Ministry of Trade announced that the deadlines have been extended for 3 months, such that the deadline of June 1, 2020 has been moved to September 1, 2020.