Jurisdiction - Singapore
News
Singapore – Can Existing Personal Data Be Used For Telemarketing?

6 January, 2013

 

Legal News & Analysis – Asia Pacific – Singapore – TMT

 

As the Do Not Call (“DNC“) Registry provisions of the Personal Data Protection Act 2012 (“PDPA“) come into force, many business-to-consumer marketing departments are faced with the problem of ensuring that existing customer telemarketing databases are DNC-compliant.


While the recently-introduced exemption order permits companies to send customers telemarketing messages by phone text message or fax notwithstanding their registration on the DNC, it is limited in scope to recipients who have ongoing relationships with the sender. Further, the telemarketing messages must be related to the subject of the ongoing relationship between the sender and recipient, although just how related remains unclear.


Outside the fuzzy scope of this exemption, the “clear and unambiguous” consent requirements of the DNC regime remain reassuringly certain, albeit strict. Some companies may experience internal resistance as a result – understandably so, as customer databases could have tens, or even hundreds, of thousands of entries. Such large databases give rise to pragmatic problems of how to go about obtaining fresh clear andunambiguous consent efficiently and with minimal loss to the size of the database.


Paragraph 19 of the PDPA provides for personal data collected before the enactment of the PDPA to continue being used for the same purposes. If the purpose of that personal data was to conduct telemarketing campaigns, can organisations rely on this paragraph to avoid having to trawl through their databases collecting fresh consent?


The short answer is “no.”


At the heart of this issue is that, while the DNC regime is housed within the PDPA, it imposes a separate set of obligations, quite apart from the personal data obligations imposed by the PDPA. Hence, while information collected prior to the PDPA can indeed be used for the same purposes that it was used for before the PDPA, it must still be DNC-compliant to avoid a breach of the DNC regime. Thus, personal data that was collected with consent prior to the PDPA is not sufficient for telemarketing messages under the DNC regime unless the consent was clear and unambiguous. In order for it to be clear and unambiguous, the consent given should (i) identify the organisation collecting the personal data, (ii) require an active step on the part of the customer, such as ticking a check box, to indicate his or her consent to receiving telemarketing, and (iii) identify the mode of communication specifically as telemarketing (i.e. phone or fax only).


If the pre-PDPA consent does not specifically identify the organisation collecting personal data for telemarketing, or if it identifies multiple organisations, this does not constitute clear and unambiguous consent under the DNC regime as it remains ambiguous who the customer intended to consent to vis-à-vis using his or her personal data. Similarly, obtaining consent for marketing through mixed modes of communication (e.g. “I consent to receiving marketing messages by phone/email”) is not adequate under the DNC regime as it remains ambiguous whether the customer consented to receiving phone messages, email, or both.


Undoubtedly this places a heavy burden on marketing departments. However, as breaching the DNC regime is a criminal offence, we encourage organisations to take a conservative approach and ensure that they obtain clear and unambiguous consent, evidenced in a written or other recorded form that is easily accessible for subsequent reference.

 

ATMD Bird & Bird

 

 

For further information, please contact:

 

Dharma Sadasivan, ATMD Bird & Bird

 

ATMD Bird & Bird TMT Practice Profile in Singapore


Homegrown TMT Firms in Singapore

Comments are closed.