Article by Michael Lim

Introduction

Earlier this year, the Singapore government announced that it will introduce a new data protection legislation. The Ministry of Information, Communications and the Arts ('MICA') conducted a public consultation that concluded on 25 October 2011, seeking public feedback on the data protection framework and whether a national Do-Not-Call ("DNC") registry should be set up in Singapore.

Unsolicited marketing via telemarketing, Short Messaging Service ("SMS") messages or Multimedia Messaging Service ("MMS") messages has been a common complaint among members of the public, thus there is no doubt there had been strong support for a national DNC registry during the consultation. This has prompted MICA to initiate another public consultation, the subject of this new alert, inviting feedback regarding the details for the proposed DNC registry.

Relevant Legislation/Regulation

The relevant legislation in controlling unsolicited marketing messages is the Spam Control Act, which was enacted for the control of spam, which means unsolicited commercial communications sent in bulk by electronic mail or by text or multimedia messaging to mobile telephone numbers. For certain industries or sectors where guidelines or regulations are imposed, certain restrictions on telemarketing activities are available. Industry self-regulation on telemarketers is available as well.

How will the national DNC registry work?

The national DNC will allow individuals to register their phone numbers in the registry on a freeof- charge basis, and organizations have to ensure that they do not send marketing messages or calls to the registered numbers. Organizations may continue to send marketing messages to registered phone numbers if individual has given explicit consent to receiving such marketing messages.

Proposed scope of framework

In the consultation paper, MICA has proposed certain scope for the DNC registry, in terms of the type of:

  • Messages;
  • Entities covered; and
  • Phone numbers.

Type of messages

The proposed regime is to control unsolicited marketing messages, and the scope of marketing messages was stated to include telephone calls, SMS/MMS messages, or faxes, which contain marketing or commercial elements within the message. Based on the content or presentation of the message, the message is deemed as a marketing message if one of the purposes of the message is to offer to supply, advertise or promote goods (or land, interests in land, business or investment opportunities) or services. The focus of the proposed regime is on marketing messages, and therefore, it has been proposed that messages (without marketing element) sent by charitable organizations or political bodies will not be blocked. It has also been proposed that messages for the purpose of obtaining information, market research or surveys will also not be blocked.

The focus is therefore on the "marketing" element, and not the "unsolicited" element, even though such "non-marketing" messages may not be welcomed by the individual recipients or may cause recipients to incur costs for receipt.

It is proposed that electronic mail messages be excluded in the DNC framework, for the reason that unsolicited commercial emails can be easily dealt with by e-mail filters or deleted; and that majority of spam e-mails originate from overseas, and enforcement will not be effective. Also, spam e-mails may be more applicable under the regime of the Spam Control Act.

In limiting the scope of the DNC registry to phone numbers, difficulties may arise where there is new technologies that allows marketing messages to be sent without a phone number, especially with the proliferation of smart phones applications. Organizations may be unable to identify the phone numbers for verification with the DNC registry, or may make use of this as a loophole out of the DNC regime. Type of entities covered MICA proposed for:

  1. the registration to include business phone numbers as well, for the reason that marketing messages sent to business numbers can be disruptive and lead to loss of productivity for businesses;
  2. the registration to be applicable for local telephone only, as the purpose of the DNC registry is to allow individuals in Singapore to opt-out of marketing messages;
  3. both the organization outsourcing the sending and the organization sending the marketing messages to be accountable under the DNC regime, so that organizations may not bypass the DNC registry by outsourcing third parties to send the marketing messages on their
  4. behalf.

Validity of registration

MICA has identified that in other jurisdictions such as Canada and Australia, phone numbers which are registered will be removed after 5 years, and re-registration is required. MICA considered that individuals are unlikely to change their minds about registration and will not wish to go through the reregistration regularly. It is therefore proposed that the registration in the DNC registry be a one-off exercise, but individuals may withdraw their registrations by going through the similar method as with registrations.

Exceptions

The typical exceptions to the DNC registry is where the individual has given consent to be sent the marketing messages, or when there is an existing business relationship. Where consent has been given, MICA proposed that the organization be allowed to send the messages even after they are registered, leaving the individual to give reasonable notice to the organization to withdraw such consent.

As for ongoing business relationship between the individual and organization, that alone cannot be taken as consent. If the individual has not given explicit consent, the organization may not send marketing messages under the DNC framework.

Checking of DNC Registry

Checking of the registry can be achieved by:

  1. making available to the organizations the updated list of registered phone numbers from the registry; or
  2. having the organization send their list of phone numbers, to be filtered by DNC operator by removing the registered numbers from the list.

MICA proposed the "filtering method" to minimize unnecessary transfer of data to the organization, and potential misuse of the list of registered phone numbers. The proposed annual subscription fees for checking the DNC registry ranges from S$2000 to S$6000.

Penalty and Enforcement Regime

The DNC framework is administered by the Data Protection Commission, who is proposed to have the authority to investigate and take enforcement actions against any breaches. Organizations may face fines up to a maximum of S$1 million. It is MICA's view that the majority of contraventions would be nonmalicious in nature, and affected limited number of individuals, and therefore penalty ceilings may be imposed, eg up to S$1000 per telephone number contacted. Notably, the proposed framework will not allow individuals to claim under civil proceedings.

Spam Control Act

Under the Spam Control Act, any person who send unsolicited commercial electronic messages in bulk will have to fulfill certain requirements, eg providing information for the individual to send an unsubscribe request. Where an individual send an unsubscribe request, MICA proposed that such request not to be considered as a withdrawal of the individual's explicit consent to the organization to receiving marketing messages, the reason being that the scope of DNC registry is not completely aligned with the scope of the Spam Control Act. The intent to unsubscribe from bulk spam messages may not be taken to apply to the marketing messages.

Conclusion

MICA is seeking the views and comments on the proposed DNC framework, and the public consultation closes on 5 December 2011.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.