On 27 April 2018, the Personal Data Protection Commission (PDPC) began a consultation to gather public feedback on its proposal to merge the Do Not Call (DNC) provisions in the Personal Data Protection Act (PDPA) and the Spam Control Act (SCA) into a single legislation governing all unsolicited commercial messages.
Currently, the DNC provisions of the PDPA only permit an organisation to send a marketing message to an individual’s Singapore telephone number by text, phone or fax if it (a) obtains consent, which is clear, unambiguous and in writing or any other accessible form, to send the message, (b) checks the relevant DNC register(s) within a certain period before sending, or (c) has an ongoing relationship with the individual and has complied with certain conditions, including that the message will be sent by text or fax only. Organisations are required, among others, to effect a withdrawal of consent to receive marketing messages within 30 days.
On the other hand, the SCA governs the sending in bulk of unsolicited commercial emails or text messages. The SCA requires, among others, the messages to provide an unsubscribe facility for recipients to opt out of receiving future messages. Organisations are prohibited from sending any messages to a recipient after 10 business days from the date of the unsubscribe request.
Under the proposed legislation, the DNC provisions will apply to all unsolicited marketing text messages sent to Singapore telephone numbers, regardless of whether they are sent in bulk. This effectively streamlines the overlapping requirements of the DNC provisions under the PDPA and the SCA in relation to the sending of unsolicited commercial text messages. The period for organisations to effect a withdrawal of consent to receive marketing messages will also be reduced to 10 business days.
The SCA provisions will continue to apply to unsolicited commercial emails that are sent in bulk. In addition, the SCA provisions will be extended to apply to unsolicited commercial text messages that are sent in bulk to instant messaging identifiers. Instant messaging identifiers refer to the account ID or login ID created by users on instant messaging platforms such as Facebook or WeChat.
The PDPC also seeks to prohibit the sending of commercial messages to all telephone numbers (including Singapore telephone numbers), instant messaging identifiers and email addresses generated by or obtained through the use of dictionary attacks or address harvesting software by persons in Singapore.
In addition, the PDPC proposes to enforce breaches of certain DNC provisions under an administrative regime instead of enforcing them as criminal offences, as is the case currently. The new enforcement regime will enable the PDPC to issue directions to violators (including imposing financial penalties) and resolve investigations more expeditiously. A private right of action to individuals affected by infringements of DNC provisions is also being considered.
The consultation closes on 12 June 2018. A copy of the consultation paper can be found here.
