B a n k i n g
a n d
F i n a n c e
B u l l e t i n
J a n u a r y
2 0 1 5
Singapore’s
Regulatory
Framework for Electronic
Marketing: Practical Tips
for Compliance
Wun Rizwi
Electronic marketing in Singapore is regulated primarily by two main sources of
legislation, with particular emphasis on the obligations of the sender.
Firstly, the Singapore Spam Control Act (“SCA”) sets out the regulatory
requirements relating to the contents and title when sending out unsolicited
commercial electronic messages in Singapore in bulk by electronic mail or by text or
multi-media messaging to mobile telephone numbers.
Secondly, the Do-Not-Call (“DNC”) Registry established under the Singapore
Personal Data Protection Act 2012 (“PDPA”), together with the relevant rules and
regulations applicable, regulates how senders of such marketing messages need to
govern the use of collected personal data in sending messages of a marketing
nature via telephone calls, text messages or fax.
Where such messages are sent in the form of text messages to mobile telephones,
the sender of such messages must comply with both the SCA and the PDPA.
Provisions of the SCA
The SCA sets out the types of electronic marketing messages which are regulated,
the requirements to be complied with for relevant affected electronic messages,
and certain prohibitions.
Affected Messages
In summary, unsolicited commercial electronic messages sent in bulk through email, or by text messages to mobile telephone, with the primary purpose of
advertising or offering goods and/or services or other opportunities to the recipient
must comply with the requirements set out in the SCA.
The SCA also applies to all messages with a “Singapore Link”.1
Note: This article is only intended for general reading. Under no circumstances is it to be relied
upon in substitution for specific advice on any issue(s) that may arise relating to its subject matter.
Asia > Middle East > Europe
International Capabilities Delivered Locally
Page 1
Requirements
Messages regulated under the SCA must comply with the following requirements:
1.
2.
Each message must contain an unsubscribe facility whereby:
>
the sender must include contact information in sufficient detail with
the message to enable the recipient to submit an unsubscribe
request;
>
this contact information must be valid for at least 30 days to receive
unsubscribe requests from recipients, and using this contact
information must not cost the recipient more than the usual cost of
using that kind of contact information;
>
once an unsubscribe request is submitted, the recipient's contact
information (e.g. electronic mail address to which the message was
sent) must be removed from the mailing list within 10 business
days; and
>
any person who receives the unsubscribe request must not disclose
the information to others, except with permission from the sender
of the unsubscribe request.
Every message must also fulfil labelling requirements whereby:
>
any title, header or subject field must not be false or misleading as
to the content of the message;
>
the title header or subject field must be prefixed with the letters
“<ADV>” or equivalent words first appearing in the main body of
the message, to clearly identify that the message is an
advertisement; and
>
there must be an accurate and functional e-mail address or
telephone number by which the sender can be readily contacted.
Other Relevant Factors
In addition, any sender should also be aware that the SCA prohibits the sending of
any electronic message to any electronic address generated or obtained through
the use of:
>
dictionary attack, defined under the SCA as “the method by which
the electronic address of a recipient is obtained using an automated
means that generates possible electronic addresses by combining
names, letters, numbers, punctuation marks or symbols into
numerous permutations”; or
>
address harvesting software, defined under the SCA as “software
that is specifically designed or marketed for use for searching the
Internet for electronic addresses, and collecting, compiling,
capturing or otherwise harvesting those electronic addresses”.
Remedies for Breach
Recipients who suffer loss or damage as a result of a sender’s contravention of the
requirements or the prohibitions in the SCA have a right to commence civil
proceedings against the sender, and if the sender is found guilty, the complainant
may be entitled, at his election, to damages in the amount of the loss or damages
actually suffered or statutory damages not exceeding S$25 for each electronic
message up to a maximum of S$1 million.
Note: This article is only intended for general reading. Under no circumstances is it to be relied
upon in substitution for specific advice on any issue(s) that may arise relating to its subject matter.
Asia > Middle East > Europe
International Capabilities Delivered Locally
Page 2
The Do-Not-Call Registry under the PDPA
The DNC provisions of the PDPA, which entered into operation on 2 January 2014,
have in effect compelled a serious re-examination of the manner of collecting and
using personal contact information in order to send electronic marketing messages.
The DNC provisions establish three registers within the DNC Registry, and affect
parties who wish to send “specified messages” via telephone calls, text messaging
or fax. Specified messages as defined under the PDPA are essentially marketing
messages, although some exemptions are provided for.
Senders will not be allowed to send specified messages to any number found within
the respective registers within the DNC Registry unless:
>
there is clear and unambiguous consent from the person who
submitted this personal information to allow the sender to contact
the recipient. The standards expected as to what constitutes clear
and unambiguous consent are very clear; and/or
>
senders may send specified text messages and specified fax
messages only (and not telephone calls) to a Singapore telephone
number if they are in an ongoing relationship2 with the subscriber
or user of that telephone number and the message is related to that
ongoing relationship, and provided that the sender includes his
contact information and must not conceal the identity of the line
that has been used to contact within the specified message.3
If no evidence of such consent exists, there is a duty under s 43(1) of the PDPA to
check the registers in the DNC Registry and wait for official confirmation. If a sender
intends to send through more than one method, each register must be checked. The
waiting period will be 60 days (those before 1 August 2014) and 30 days (those after
1 August 2014).
Any person or organisation found guilty of contravening the DNC provisions may be
liable to a fine of up to S$10,000 per message sent.
Enforcement of the DNC Provisions by the Personal Data Protection Commission
To date, there have been three convictions for offences under the PDPA related to
the DNC Registry:
>
On 27 August 2014, a tuition agency, Star Zest Home Tuition Pte Ltd
(“Star Zest”), and its director, Law Han Wei, were the first offenders to
be fined S$39,000 each, for a total fine of S$78,000. Both Star Zest and
its director had faced a total of 26 counts of contravening s 43(1) of the
PDPA for failing to check the DNC Registry before sending unsolicited
telemarketing messages to Singapore telephone numbers which had
been registered with the DNC Registry. The unsolicited messages
offered the teaching services of various tutors signed up with Star Zest.
48 other similar offences were taken into consideration; and
Note: This article is only intended for general reading. Under no circumstances is it to be relied
upon in substitution for specific advice on any issue(s) that may arise relating to its subject matter.
Asia > Middle East > Europe
International Capabilities Delivered Locally
Page 3
>
On 20 October 2014, a property salesperson registered with
Huttons Asia Pte Ltd was fined S$27,000 for sending unsolicited
telemarketing messages which advertised various residential
property developments in Singapore. He had pleaded guilty to 9 out
of 27 counts of contravening s 43(1) of the PDPA. According to the
Commission’s media release dated 22 September 2014 (“the Media
Release”), the real estate sector made up about 47% of complaints
pertaining to DNC-related offences.
The Media Release further highlighted the following:
>
The Commission had investigated more than 3,500 valid complaints
against various organisations since the DNC provisions took effect
on 2 January 2014, while investigations into some 1,700 other
complaints were ongoing. These organisations are from sectors
such as property, private education and retail;
>
The Commission had received a small number of isolated
complaints against 900 other organisations and had issued them
with notices that warned of the consequences of sending any
further unsolicited telemarketing messages; and
>
The Commission had allowed two organisations to compound their
offences relating to the sending of telemarketing messages to
Singapore telephone numbers registered with the DNC Registry in
lieu of prosecution, with the composition amounts ranging between
S$500 and S$1,000.
Practical Tips for Compliance
Organisations should consider having a useful checklist in place to help them comply
with the provisions of the DNC Registry.
Organisations should consider the following simple checklist:
>
Check whether the intended communication is a “specified
message” under the PDPA and/or is exempted under the Eighth
Schedule to the PDPA.
>
If it is a specified message, the organisation must ensure there is
evidence of clear and unambiguous consent from the subscriber. It
would be useful and efficient to have in place a repository of such
evidence for easy retrieval and checking.
>
Find out how fast the organisation’s system can upload such
evidence or update this database.
>
If there is such evidence, the organisation should next consider
whether the specified message contains certain specific required
elements. Standard wording must be considered.
>
If there is no such evidence, the organisation has a duty to check
with the DNC Registry and wait for official confirmation. The
“prescribed duration” will be a waiting period of thirty (30) days.
The organisation must check the relevant register. If the
organisation intends to send using more than one method, it must
check in each register.
Note: This article is only intended for general reading. Under no circumstances is it to be relied
upon in substitution for specific advice on any issue(s) that may arise relating to its subject matter.
Asia > Middle East > Europe
International Capabilities Delivered Locally
Page 4
Conclusion
The recent introduction of a completely new privacy regime in Singapore
necessitates a change in the mind-set and strategy of how marketing departments
are able to use personal contact information in sending out electronic marketing
communications.
The good news is that the legislative requirements regarding electronic marketing
communications in Singapore seem fairly straightforward to comply with.
_____________________
1
A “Singapore link” under the SCA includes the following circumstances:
a) the message originates in Singapore;
b) the sender of the message is:
i.
an individual who is physically present in Singapore when the message is sent; or
Ii. an entity whose central management and control is in Singapore when the message is
sent;
c) the computer, mobile telephone, server or device that is used to access the message is
located in Singapore;
d) the recipient of the message is:
i.
an individual who is physically present in Singapore when the message is accessed; or
Ii. an entity that carries on business or activities in Singapore when the message is
accessed.
2
The “ongoing relationship” refers to a relationship, which is on an ongoing basis, between a sender
and a subscriber or user of a Singapore telephone number, arising from the carrying on or conduct of a
business or activity (commercial or otherwise) by the sender; Paragraphs 4.8 to 4.20 of the
Commission’s Advisory Guidelines on the DNC provisions, issued on 26 December 2013, also provide
insight on the meaning of “ongoing relationship”.
3
Personal Data Protection (Exemption from Section 43) Order 2013.
For more information, please contact:
Wun Rizwi
Partner, Intellectual Property and Technology
(65) 6381 6818
rizwi.wun@rhtlawtaylorwessing.com
© RHTLaw Taylor Wessing LLP 2015
This publication is intended for general information and to highlight issues. While we endeavour to ensure its accuracy and completeness, we do not represent nor
warrant its accuracy and completeness and are not liable for any loss or damage arising from any reliance thereon. It is not intended to apply to specific circumstances or to constitute legal advice.
RHTLaw Taylor Wessing LLP (UEN No. T11LL0786A) is registered in Singapore under the Limited Liability Partnerships Act (Chapter 163A) with limited liability.
RHTLaw Taylor Wessing LLP is a Singapore law practice registered as a limited liability law partnership in Singapore (“The LLP”). It is a member of Taylor
Wessing, a group which comprises a number of member firms which are separate legal entities and separately registered law practices in particular jurisdictions.
The LLP is solely a Singapore law practice and is not an affiliate, branch or subsidiary of any of the other member firms of the Taylor Wessing group. A list of all
Partners and their professional qualifications may be inspected at our main office at Six Battery Road #10-01, Singapore 049909.
Note: This article is only intended for general reading. Under no circumstances is it to be relied
upon in substitution for specific advice on any issue(s) that may arise relating to its subject matter.
Asia > Middle East > Europe
International Capabilities Delivered Locally
Page 5