By taking into consideration the large number of requests to the Turkish Data Protection Authority regarding advertising messages/calls that are forwarded to email addresses of data subjects or to their phones by SMS or phone calls without obtaining their explicit consent, which is contrary to the provisions of the Personal Data Protection Law No. 6698, and considering the findings reached within the scope of the examinations carried out, The Board unanimously decides to inform the public opinion on the issues listed below and to publish the Resolution on the web site of the Authority and in the Official Gazette;

• Data controllers who forward advertising messages/calls to email addresses of data subjects or to their phones by SMS or phone calls without obtaining their explicit consent and not providing conditions of processing stated in Article 5 of the Protection of Personal Data Law (the “Law”), and data processors who use such data without the explicit consent of the data subjects for the purposes of sending messages/e-mails or making calls with advertising content on behalf of the data controllers shall immediately cease the mentioned data processing activities pursuant to Article 15(7) of the Law,
• In accordance with the Article 12 of the Law data controller is obliged to take all necessary technical and organizational measures to provide an appropriate level of security for the purposes of preventing unlawful processing of personal data, preventing unlawful access to personal data and ensuring protection of personal data, and in case the processing of personal data is carried out by another natural or legal person on behalf of the data controller, the data controller shall jointly be responsible with these persons for taking such measures.
• Within the scope of provisions of the Article 18 of the Law, a legal action will be taken against the data controllers who engage in such activities,
• Considering that mentioned personal data processed might have been obtained unlawfully, the Chief Public Prosecutor's Office will be informed with a notice pursuant to Article 158 of the Code of Criminal Procedure to take necessary legal actions against the relevant data controllers in accordance with Article 136 titled “Unlawful Delivery and Acquisition of Data” of the Turkish Criminal Code No. 5237.