Turkey’s Data Protection Board (“Board”) has announced that advertising using data subjects’ contact details unlawfully should cease. The Board has stated that those advertising via e-mail, SMS and calls should cease such activities. The Board will impose sanctions for failures to do so.

The Board announced that:

  •  Data controllers and data processors must cease advertising through e-mail, SMS or calls if such activities do not fall within the scope of exceptions contained in the Data Protection Law, or data subjects’ consent for such processing is not obtained.
  • Data controllers must take technical and administrative measures to prevent unlawful access and data processing, as well as provide adequate levels of protection. If data is processed by a third party, data controllers will be deemed jointly liable for such activities.
  • Sanctions will apply to those who fail to comply with the points mentioned above. Given the risk of obtaining such information unlawfully, breaches will also be notified to the Prosecutor’s Office.

Please see this link for the full text of Ruling Number 2018/119, which was published in Official Gazette number 30582 on 1 November 2018 (only available in Turkish).