The era of providing your phone number at checkout is coming to an end

The Personal Data Protection Authority (KVKK) has decided in principle to create verification mechanisms to prevent loyalty cards used for purposes such as discounts, promotions and collecting points when shopping from being used by third parties without the cardholder's knowledge and consent.

According to the decision published in the Official Gazette, KVKK received numerous complaints and notifications that third parties were making purchases by providing their mobile phone numbers to the cashier without the knowledge and consent of the loyalty card holders.

The complaints stated that “this purchase was made using loyalty cards by the cashier without entering the verification code into the system,” “the cardholder was allowed to make the purchase despite not being at the checkout during the purchase,” and “an unlawful data processing activity was performed.”

The investigation conducted by the institution found that documents such as invoices issued as a result of purchases made using loyalty cards were often in the cardholder's name and information about the purchase was recorded in the cardholder's records.

It has been identified that personal data breaches may occur when the mobile phone or loyalty card number is used by a third party to make purchases without the cardholder's knowledge and consent, by processing false customer transaction information in the individual's member account, or by issuing an invoice for a purchase not made in the individual's name and without their knowledge or consent.

Anyone who does not adhere to political decisions will be punished.

KVKK has made a fundamental decision regarding this situation, which apparently occurs frequently when shopping.

Accordingly, the practice of allowing third parties to make purchases by providing their mobile phone or debit card number to the cashier without the person's knowledge or consent will be abolished.

To confirm that the purchase is made with the knowledge and consent of the cardholder, verification mechanisms such as “notifying the cashier of the verification code sent via SMS”, “scanning the barcode or QR code provided via the mobile application or website at the checkout” and “entering the loyalty card password into the transaction device at the checkout” are created.

In order to establish the relevant verification mechanisms, data controllers are granted an adaptation period of six months from the date of publication of the policy decision.

Criminal proceedings pursuant to Article 18 of Law No. 6698 on Personal Data Protection will be imposed against data controllers who do not take these measures and continue to implement them in violation of the provisions of the law and are determined not to act in accordance with the points stated in the resolution.


Yayımlandı

kategorisi

yazarı:

Etiketler:

Yorumlar

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir