The Information and Communication Technologies Authority (“BTK“) made several amendments to the Regulation on Administrative Sanctions (“Regulation“). The amendments were entered into force and published in the Official Gazette No. 30550 on 29 September 2018.
Before the amendment, administrative fines for Calling Line Identification (CLI) violations were limited to a maximum of 0.5% of the operator’s net sales in the previous calendar year. The amendment increased the maximum administrative fine from 0.5% to 3%. In addition, if the violation amounts to gross fault, the BTK will be entitled to cancel the operator’s authorization.
Concerning value-added services violations, the amendments distinguish the cases in which the operator intends to deceive or mislead consumers. In cases where operators violate their value-added services obligations without deceiving or misleading consumers, the maximum administrative fine is 1% of their net sales in the previous calendar year; operators that deceive or mislead consumers can be fined up to 3% of their net sales in the previous calendar year. If the operator intends to deceive or mislead consumers and the violation amounts to gross fault, the BTK will also be entitled to cancel the operator’s authorization.
The BTK also introduced a general provision regulating administrative fines for violations of the numbering and consumer rights obligations, which are not explicitly set out in the Regulation. The general administrative fine for these obligations is a maximum of 3% of the operator’s net sales in the previous calendar year.
The Regulation introduced a sanction for the violation of cyber security obligations. Natural persons and private legal entities who are not operators and who do not fulfill the obligations or measures imposed by the BTK within the scope of national cyber security activities and the protection against and dissuading from cyber-attacks will be fined between TRY 1,000 to 1,000,000. Furthermore, the BTK may request these persons to submit their written statements regarding the violation within 15 to 30 days. This addition is significant because it extends the scope of the sanctions to natural persons and private legal entities that are not operators.
The amendment distinguishes violations based on their intent and type of fault, introduces blanket sanctions and increases the maximum limits of certain administrative fines. Natural persons and private legal entities that are not operators have become subject to certain sanctions for cyber security related violations.