REGISTER LOGIN

Sending Commercial Electronic Message Without Obtaining Consent

23.06.2023
Özdağıstanli Ekici Attorney Partnership

The Personal Data Protection Board (“Board”) evaluated a complaint regarding a data controller sending commercial electronic message to a data subject's work e-mail address, which was found as a result of an internet search, without the data subject's consent in its decision dated 01.09.2022 and numbered 2022/861.

The complaint subject to a decision is sending e-mails regarding the campaign and advertisement to the work e-mail address of the data subject who is a lawyer and failure to inform the data subject about the source of collection of the personal data.

The Board made the following explanations regarding the complaint;

  • As a result of the examination by the Board, the e-mail address is different from the e-mail address which is subject to the complaint. It was understood that the e-mail address has been made publicly available by the data subject when that the data controller’s statement stating the e-mail address which is subject to the complaint has been reached through the internet search was considered.

  • It is possible to process personal data if personal data have been made public by the data subject himself/herself pursuant to Article 5/d of the Law on the Protection of Personal Data w. no. 6698 (“DPL”). However, making personal data public does not mean that such personal data may be processed personal data for any purpose. Personal data processing must be limited and relevant to the purpose made available to the public by the data subject.

  • Further, the data controller stated that personal data was processed through sending marketing e-mails based on Article 6 of the Law on the Regulation of Electronic Commerce No. 6563 containing that "Commercial electronic messages can be sent to tradesmen and merchants without prior consent". However, commercial electronic messages cannot be sent to a person who is a lawyer without obtaining prior consent based on this provision since lawyers cannot act as either tradesmen or merchants pursuant to Article 11 of Attorneyship Law w. no. 1136.

  • Thus, it has been understood that the data controller has violated the obligation to prevent the unlawful processing of personal data since there are not any conditions for processing personal data set out in Article 5 of the DPL.

  • It has been also understood from the response given by the data controller to the data subject, only information was given that his/her personal data was erased, but other information requests of the data subject within the scope of Article 11 of the DPL were unanswered. Therefore, the data controller has acted contrary to Article 6 of the Communiqué on Principles and Procedures for the Request to Data Controller (“Communiqué”).

In this regard, the Board adopted the following decision;

  • The data controller has not submitted any document proving that there is a will of the data subject for processing the e-mail address information for advertising and marketing purposes. Also, there are not any conditions set out in Article 5 of the DPL for processing personal data. In this respect, it has been decided to impose an administrative fine of TRY 150.000 (approx. 5.772 EUR) on the data controller.

  • Since answering only some of the questions in the application to the data controller made by the data subject constitutes a violation of the DPL, it has been decided to instruct the data controller to respond to the data subject in accordance with Article 6 of the Communiqué.

  • The letter submitted by the data controller states that the e-mail address of the data subject has been deleted from the records of the data controller upon the request of the data subject. However, it is understood that no document proves the deletion. So, it has been decided to instruct the data controller that the personal data of the data subject must be deleted, destroyed, or anonymized and the related documents must be sent to the Board.

Tagged withÖzdağıstanli Ekici Attorney PartnershipBurak Özdağıstanli, Bensu Özdemir, Ebru Gümüş, Data Protection & Privacy, Personal Data

This website is available “as is.” Turkish Law Blog is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this website, and in no event shall they be liable for any loss or damages.

Popular Articles on Data Protection & Privacy

Kişisel Verileri Koruma Kurulunun 2023/134 Sayılı Kararı Doğrultusunda Tiktok Hakkında 1.750.000 TL İdari Para Cezası Uygulanmasına Karar Verildi
Data Protection & Privacy 2023 Guide for Turkey - 2
Data Protection & Privacy 2023 Guide for Turkey - 1
Epic Games, Çocuk Mahremiyeti İhlalleri ve İstenmeyen Ücretlerle İlgili FTC İddiaları Üzerine 520 Milyon Dolar Ödeme Yapacak
Guide to Direct Marketing Using Live Calls Published By ICO

Latest Insights from Özdağıstanli Ekici Attorney Partnership

Saying Goodbye to Consent in Data Transfers: What is Next?
A New Era in Cross-Border Data Transfers in Turkey
Turkish Data Protection Board Decision: Processing Special Categories of Employee Data
Turkish Data Protection Board Decision: Data Processing Activities of an Online Game
Turkish Data Protection Board Decision: Confidentiality Obligations of Banks
Ready to stay ahead of the curve?
Share your interest anonymously and let us guide you through the informative articles on the hottest legal topics.
|
Successful Your message has been sent