With the rapid increase in digitalization, commercial communication conducted through electronic communication tools has gained significant importance in the business world. The legal compliance of sending commercial electronic messages also requires adherence to the legislation on personal data protection. In Turkey, while this process is regulated primarily by the Law on the Regulation of Electronic Commerce No. 6563 and the Regulation on Commercial Communication and Commercial Electronic Messages (“Regulation”), the Law on the Protection of Personal Data No. 6698 (“LPPD”) also plays a critical role in the process of sending commercial electronic messages. In this context, the following sections provide a detailed analysis of how the approval obtained through the Message Management System (“MMS”) and the provisions of LPPD regarding personal data protection should be applied to ensure the lawful sending of commercial electronic messages.
Consent Requirement for Sending Commercial Electronic Messages and Personal Data Protection
Firstly, it should be noted that in order to legally send commercial electronic messages, prior explicit consent must be obtained from the recipients. Since commercial electronic messages are generally sent using recipient contact information that qualifies as personal data, it is mandatory that these data be processed in accordance with the law.
According to Articles 5 and 6 of the LPPD, the processing of personal data must be based on the explicit consent of the data subject. This consent can be obtained simultaneously with the approval for sending commercial electronic communications. However, both consents must be clear, specific, and informative to the user. Users must have the right to consent to one of these matters while refusing the other; in other words, a single consent for both issues should not be obtained. Personal data used for sending commercial electronic communications must be processed in accordance with the consent given by the recipient and should not be used for purposes other than those specified.
Message Management System and Personal Data Protection in Commercial Electronic Messages
The tool used in Turkey for managing the sending of commercial electronic messages and obtaining recipient consents is the Message Management System (MMS). MMS is a platform that allows both service providers to send commercial electronic messages legally and recipients to effectively manage their consent and rejection processes.
The Importance of the Message Management System in Terms of Personal Data Protection:
- Management and Recording of Consents: It is a legal requirement that consents obtained from recipients before sending commercial electronic messages be recorded in MMS. This recording process ensures compliance with both the legislation on the regulation of electronic commerce and the regulations on the protection of personal data. Consents obtained from recipients are securely stored in the MMS system and serve as a legal basis for data controllers.
- Protection of Recipient Rights: MMS allows for the protection of personal data and enables recipients to exercise their rights. Recipients can manage their consent for commercial electronic messages through MMS, withdraw their consent, or opt out of receiving messages entirely. This process complies with LPPD’s provision that grants data subjects the right to withdraw consent and stop the processing of their data. Every communication channel used to send commercial electronic messages must provide recipients with an easy method to exercise their right to opt out, and this process should be free of charge. The structure provided by MMS enables data subjects to easily exercise the rights granted to them under LPPD.
- Secure Data Processing: MMS allows for the secure processing of personal data. The security obligations imposed on data controllers by LPPD (such as processing data lawfully, ensuring confidentiality, and using data only for specific purposes) can be more easily monitored through MMS. In this way, the necessary security measures are provided within MMS to prevent unauthorized access, alteration, or deletion of data.
Legal Sanctions in MMS and Personal Data Processing Procedures
MMS is designed to ensure that personal data used in the process of sending commercial electronic messages are processed lawfully. However, failure to comply with MMS regulations or the detection of violations of LPPD during the processing of personal data can result in severe penalties for data controllers. The Personal Data Protection Board may impose substantial administrative fines on data controllers if the relevant regulations are not followed.
Conclusion
The lawful sending of commercial electronic messages requires businesses to comply with both the provisions of the Personal Data Protection Law and the relevant regulations on electronic commerce. While the Message Management System ensures that these processes are carried out securely and in legal compliance, it also facilitates data controllers in processing, storing, and deleting personal data lawfully when necessary. Therefore, paying attention to personal data processing procedures while sending commercial electronic messages through MMS protects the rights of both businesses and data subjects.