Jurisdiction - Singapore
News
Singapore – Regulatory Framework For Electronic Marketing: Practical Tips For Compliance.

8 January, 2015

 


Electronic marketing in Singapore is regulated primarily by two main sources of legislation, with particular emphasis on the obligations of the sender.

 
Firstly, the Singapore Spam Control Act (“SCA”) sets out the regulatory requirements relating to the contents and title when sending out unsolicited commercial electronic messages in Singapore in bulk by electronic mail or by text or multi-media messaging to mobile telephone numbers.

 
Secondly, the Do-Not-Call (“DNC”) Registry established under the Singapore Personal Data Protection Act 2012 (“PDPA”), together with the relevant rules and regulations applicable, regulates how senders of such marketing messages need to govern the use of collected personal data in sending messages of a marketing nature via telephone calls, text messages or fax.

 
Where such messages are sent in the form of text messages to mobile telephones, the sender of such messages must comply with both the SCA and the PDPA.

 
Provisions Of The SCA

 
The SCA sets out the types of electronic marketing messages which are regulated, the requirements to be complied with for relevant affected electronic messages, and certain prohibitions.

 
Affected Messages

 
In summary, unsolicited commercial electronic messages sent in bulk through email, or by text messages to mobile telephone, with the primary purpose of advertising or offering goods and/or services or other opportunities to the recipient must comply with the requirements set out in the SCA.

 
The SCA also applies to all messages with a “Singapore Link”.1

 

Requirements

 
Messages regulated under the SCA must comply with the following requirements:
1. Each message must contain an unsubscribe facility whereby:

 

  • the sender must include contact information in sufficient detail with the message to enable the recipient to submit an unsubscribe request;
  • this contact information must be valid for at least 30 days to receive unsubscribe requests from recipients, and using this contact information must not cost the recipient more than the usual cost of using that kind of contact information;
  • once an unsubscribe request is submitted, the recipient’s contact information (e.g. electronic mail address to which the message was sent) must be removed from the mailing list within 10 business days; and
  • any person who receives the unsubscribe request must not disclose the information to others, except with permission from the sender of the unsubscribe request.

 
2. Every message must also fulfil labelling requirements whereby:

 

  • any title, header or subject field must not be false or misleading as to the content of the message;
  • the title header or subject field must be prefixed with the letters “<ADV>” or equivalent words first appearing in the main body of the message, to clearly identify that the message is an advertisement; and
  • there must be an accurate and functional e-mail address or telephone number by which the sender can be readily contacted.

 
Other Relevant Factors

 
In addition, any sender should also be aware that the SCA prohibits the sending of any electronic message to any electronic address generated or obtained through the use of:

 

  • dictionary attack, defined under the SCA as “the method by which the electronic address of a recipient is obtained using an automated means that generates possible electronic addresses by combining names, letters, numbers, punctuation marks or symbols into numerous permutations”; or
  • address harvesting software, defined under the SCA as “software that is specifically designed or marketed for use for searching the Internet for electronic addresses, and collecting, compiling, capturing or otherwise harvesting those electronic addresses”.

 
Remedies For Breach

 
Recipients who suffer loss or damage as a result of a sender’s contravention of the requirements or the prohibitions in the SCA have a right to commence civil proceedings against the sender, and if the sender is found guilty, the complainant may be entitled, at his election, to damages in the amount of the loss or damages actually suffered or statutory damages not exceeding S$25 for each electronic message up to a maximum of SGD 1m.

 

 

The Do-Not-Call Registry Under The PDPA

 
The DNC provisions of the PDPA, which entered into operation on 2 January 2014, have in effect compelled a serious re-examination of the manner of collecting and using personal contact information in order to send electronic marketing messages.

 
The DNC provisions establish three registers within the DNC Registry, and affect parties who wish to send “specified messages” via telephone calls, text messaging or fax. Specified messages as defined under the PDPA are essentially marketing messages, although some exemptions are provided for.

 
Senders will not be allowed to send specified messages to any number found within the respective registers within the DNC Registry unless:

 

  • there is clear and unambiguous consent from the person who submitted this personal information to allow the sender to contact the recipient. The standards expected as to what constitutes clear and unambiguous consent are very clear; and/or
  • senders may send specified text messages and specified fax messages only (and not telephone calls) to a Singapore telephone number if they are in an ongoing relationship2 with the subscriber or user of that telephone number and the message is related to that ongoing relationship, and provided that the sender includes his contact information and must not conceal the identity of the line that has been used to contact within the specified message.3

 
If no evidence of such consent exists, there is a duty under s 43(1) of the PDPA to check the registers in the DNC Registry and wait for official confirmation. If a sender intends to send through more than one method, each register must be checked. The waiting period will be 60 days (those before 1 August 2014) and 30 days (those after 1 August 2014).

 
Any person or organisation found guilty of contravening the DNC provisions may be liable to a fine of up to SGD 10k per message sent.

 
Enforcement of the DNC Provisions by the Personal Data Protection Commission To date, there have been three convictions for offences under the PDPA related to the DNC Registry:

 

  • On 27 August 2014, a tuition agency, Star Zest Home Tuition Pte Ltd (“Star Zest”), and its director, Law Han Wei, were the first offenders to be fined SGD 39k each, for a total fine of SGD 78k. Both Star Zest and its director had faced a total of 26 counts of contravening s 43(1) of the PDPA for failing to check the DNC Registry before sending unsolicited telemarketing messages to Singapore telephone numbers which had been registered with the DNC Registry. The unsolicited messages offered the teaching services of various tutors signed up with Star Zest. 48 other similar offences were taken into consideration; and
  • On 20 October 2014, a property salesperson registered with Huttons Asia Pte Ltd was fined SGD 27k for sending unsolicited telemarketing messages which advertised various residential property developments in Singapore. He had pleaded guilty to 9 out of 27 counts of contravening s 43(1) of the PDPA. According to the Commission’s media release dated 22 September 2014 (“the Media Release”), the real estate sector made up about 47% of complaints pertaining to DNC-related offences.

 
The Media Release further highlighted the following:

 

  • The Commission had investigated more than 3,500 valid complaints against various organisations since the DNC provisions took effect on 2 January 2014, while investigations into some 1,700 other complaints were ongoing. These organisations are from sectors such as property, private education and retail;
  • The Commission had received a small number of isolated complaints against 900 other organisations and had issued them with notices that warned of the consequences of sending any further unsolicited telemarketing messages; and
  • The Commission had allowed two organisations to compound their offences relating to the sending of telemarketing messages to Singapore telephone numbers registered with the DNC Registry in lieu of prosecution, with the composition amounts ranging between SGD 500 and SGD 1k.

 
Practical Tips For Compliance

 
Organisations should consider having a useful checklist in place to help them comply with the provisions of the DNC Registry.

 
Organisations should consider the following simple checklist:

 

  • Check whether the intended communication is a “specified message” under the PDPA and/or is exempted under the Eighth Schedule to the PDPA.
  • If it is a specified message, the organisation must ensure there is evidence of clear and unambiguous consent from the subscriber. It would be useful and efficient to have in place a repository of such evidence for easy retrieval and checking.
  • Find out how fast the organisation’s system can upload such evidence or update this database.
  • If there is such evidence, the organisation should next consider whether the specified message contains certain specific required elements. Standard wording must be considered.
  • If there is no such evidence, the organisation has a duty to check with the DNC Registry and wait for official confirmation. The “prescribed duration” will be a waiting period of thirty (30) days. The organisation must check the relevant register. If the organisation intends to send using more than one method, it must check in each register.

 

Conclusion

 
The recent introduction of a completely new privacy regime in Singapore necessitates a change in the mind-set and strategy of how marketing departments are able to use personal contact information in sending out electronic marketing communications.

 
The good news is that the legislative requirements regarding electronic marketing communications in Singapore seem fairly straightforward to comply with.

 

End Notes:

 

A “Singapore link” under the SCA includes the following circumstances:
a) the message originates in Singapore;
b) the sender of the message is:

i. an individual who is physically present in Singapore when the message is sent; or

ii. an entity whose central management and control is in Singapore when the message is sent;

c) the computer, mobile telephone, server or device that is used to access the message is located in Singapore;
d) the recipient of the message is:

i. an individual who is physically present in Singapore when the message is accessed; or

ii. an entity that carries on business or activities in Singapore when the message is accessed.

 
2 The “ongoing relationship” refers to a relationship, which is on an ongoing basis, between a sender and a subscriber or user of a Singapore telephone number, arising from the carrying on or conduct of a business or activity (commercial or otherwise) by the sender; Paragraphs 4.8 to 4.20 of the Commission’s Advisory Guidelines on the DNC provisions, issued on 26 December 2013, also provide insight on the meaning of “ongoing relationship”.

 
3 Personal Data Protection (Exemption from Section 43) Order 2013.

 

RHTLTWlogo+slogan-RGB

For further information, please contact:

 

Rizwi Wun, Partner, RHTLaw Taylor Wessing

rizwi.wun@rhtlawtaylorwessing.com

 

RHTLaw Taylor Wessing TMT Practice Profile in Singapore

 

Homegrown TMT Firms in Singapore

Comments are closed.