Long-time expected Electronic Commerce Law No.6563 has been enacted by The Grand National Assembly of Turkey on October 23, 2014 in harmonization with 2000/31/ EC E-Commerce Directive. The Law published on November 05, 2014 in the Official Gazette and will come to into force on May 1, 2015.
Law provides two new definitions i.e. “Service Provider” and “Intermediary Service Provider.” The concept of “service provider” refers to any natural or legal person operating electronic commerce whereas “intermediary service provider” refers to any natural legal person who provides electronic commerce media for others to pursue economical and commercial purposes.
The Law briefly aims to regulate following major issues given below:
- Liability on the information to be provided for the contracts concluded by electronic means
- Unsolicited commercial communication
- Non-Liability of the “intermediary service providers” on monitoring regarding the content provided by natural or legal persons who uses electronic means in line with their services
- Protection of personal data collected on the basis of the transactions carried out under the code
Liability on the information to be provided for the contracts concluded by electronic means
- Article 3 refers that before concluding a contract by electronic means the service provider shall provide;
- accurate and accessible information regarding the commercial communication
- different technical steps to follow to conclude the contract
- the information with respect to whether or not the concluded contract will be kept by the service provider and the accessibility of such document.
- the information related to the applied privacy policies and alternative dispute resolution mechanisms, if any
Unsolicited commercial communication
Unsolicited commercial communication measure in the sense of 2000/31/EC translated as the “requirement of commercial electronic communication” under Article 6.
The Turkish E-Commerce Law refers opt-in only which requires a prior consent of the recipient. However it should be noted that this provision will not be applied to the B2B communications and only valid for B2C or C2C communications.
Non-Liability of the “intermediary service providers” on monitoring
Article 9 refers that intermediary service providers shall not be liable for any monitoring regarding the content provided by natural or legal persons who uses electronic means in line with their services.
In any case, the intermediary service providers are obligated to exercise due care during their business according to the current Commercial Code.
Protection of personal data collected on the basis of the transactions carried out under the code
Article 10 provides the requirements of data storage by the service provider as follows; Service Provider and intermediary service provider shall;
- be liable for storing and providing the security of the data provided by the virtue of transactions in the sense of the
- not transmit the personal data to third parties or use for other purposes without the consent of that legal or natural person.
Despite the above obligation, the Law does not impose any pecuniary fine for the breach of liability under Article 10. However any breach can still be evaluated under the Criminal Law provisions 1 protecting the personal data.
It is to be noted that the Protection of Personal Data Code has not been enacted yet in Turkey and The Turkish Parliament is still working on a draft. Therefore, in the absence of a Data Protection Code; data protection rules provided by several provisions in different codes such as The Constitution of Republic of Turkey Article 20, Turkish Criminal Code Articles 134-140 (Law No. 5237), Turkish Civil Code Article 23-35 (Law. No.4721), and other related regulations (telecommunication, health, banking and employment). It is possible to state that the data protection measures regulated under the E-Commerce Directive will be interpreted along with abovementioned laws and regulations.