// glossary
Consent Compliance.
GDPR / CASL / TCPA / KVKK
Consent compliance is the legal requirement to obtain explicit user consent before sending commercial electronic messages or processing personal data for marketing. Frameworks vary by region (GDPR in EU, CASL in Canada, TCPA in US, KVKK + İYS in Türkiye), but the core requirement is consistent.
// detail
Three universal pillars:
- Explicit opt-in — pre-ticked boxes are not consent. The user has to actively choose to receive commercial messages.
- Transparent purpose — at the time of consent, the user must know the sender, channel, and content.
- Easy opt-out — every commercial message must include a clear unsubscribe path.
Region-specific layers: GDPR adds data minimization, retention limits. CASL adds 2-year implied consent for existing customers. TCPA adds class-action exposure. Türkiye adds İYS — a centralized message-management system where commercial messages must be registered.
Example: A US e-commerce brand sending bulk WhatsApp must comply with TCPA (express written consent), state laws (CCPA disclosure), and Meta's API rules. A Turkish brand additionally must register with İYS and upload each customer's consent record.