The Announcement Regarding Personal Data Processed to Send Verification Code via SMS During Store Shopping

The Personal Data Protection Authority has published a public announcement dated 13.11.2023 regarding the personal data processed in order to send a verification code via SMS to the data subjects during the transactions at the cash register following shopping. You may find a brief explanation of the outstanding evaluations below:

• In order to conduct layered clarification; the staff should inform the recipients about the purpose of the SMS sent during the transactions at the cash register and the consequences that may arise if the code provided via SMS is revealed, and the information channels should also be provided to the recipients via SMS.
• The obligation for clarification and obtaining explicit consent should be separated from each other.
• Explicit consent should be obtained separately for different activities that require explicit consent (i.e. approval of membership agreements, obtaining consent for personal data processing, obtaining consent for electronic commercial messages) during the transactions at the cash register.
• Personal data processing for the purpose of sending commercial electronic messages should not be presented as a condition for the completion of shopping. It is recommended that explicit consent to be obtained for this purpose is requested after the completion of shopping.
• In case explicit consent for sending commercial electronic messages is obtained via SMS verification code, the conditions stipulated by the Personal Data Protection Law must be met.