Imposing strict new rules on online sales, commercial messages, and the protection of personal data, on October 23, 2014, the Turkish parliament adopted Law No. 6563 on the Regulation of Electronic Commerce (the “E‑Commerce Law”). The law will enter into force on May 1, 2015.
What the new law says
- Online sales
Under the new E-Commerce Law, prior to concluding an online sales agreement, an e-commerce service provider must state: (i) its name and contact details; (ii) the process for concluding the agreement; (iii) whether the service provider will retain the agreement after its conclusion, and whether the buyer will be able to later access it and for how long; (iv) the procedure for correcting data entry errors; (v) the privacy terms and alternative dispute resolution mechanisms, if any; and (vi) the service providers professional chamber memberships, if any, and governing codes of conduct.
The E-Commerce Law also imposes requirements for online orders. A service provider must: (i) clearly state the terms of the agreement, including the total amount of payment due, at the agreement approval stage and before the counterparty enters payment details; (ii) immediately confirm to the counterparty the receipt of the order; and (iii) provide the buyer with appropriate, effective and accessible method to correct data entry errors.
These requirements will not apply to agreements concluded by email or similar personal communication, and to B2B transactions.
- Commercial messages
The E-Commerce Law bans commercial messages by email, text messaging (sms), fax and autodial machines (robocalls) to consumers without their prior approval. Previously, unsolicited messages were permitted if consumers were provided an easy and free-of-charge opportunity to opt-out. The opt-in system will not apply to B2B relationships, and commercial messages can still be sent to businesses without their prior approval.
The content of commercial messages must be in line with the approval given. The message also must include: (i) the sender's identity; (ii) the sender's telephone number/fax number/sms number/email, depending on the electronic method of communication used; (iii) the subject and purpose of the message; and (iv) information on the actual sender, if the message is sent on behalf of another entity.
If a commercial message relates to a promotional activity (e.g., offers a discount or gift, or is related to a contest), the sender must provide an easy way to access the terms of the activity.
As consumers always have the right to opt-out of receiving commercial messages, the sender must provide the consumer an easy and free-of-charge opportunity to revoke prior approval; details of this opportunity must be contained in the message.
- Protection of personal data
The service provider is responsible for storing and securing the personal data obtained from the online agreement. The service provider cannot transfer the personal data to third parties without the buyer's consent, or use the data for other purposes.
Service providers can be fined between TRY 1,000 and 15,000 (approx. USD 450 and 6,650) for each violation of the E-Commerce Law. The fines can be raised in certain circumstances, e.g., if a commercial message is sent to more than one person at a single time without the buyer’s prior consent.
Real persons or legal entities providing an online platform to facilitate e-commerce for other real persons or legal entities are defined as “intermediary service providers”. Intermediary service providers are not obligated to supervise the content of other providers, or the products and services offered, on their platform. A separate regulation, however, is expected to provide a framework for intermediary service provider obligations.
Actions to consider
Companies should consider how these significant changes may affect their operations in Turkey, and take steps to ensure compliance with the E-Commerce Law.