On Thursday 14 May 2020, the Ministry of Communications and Information and the Personal Data Protection Commission of Singapore launched an online public consultation of the Personal Data Protection (Amendment) Bill 2020.
Over the last six plus years from 2 January 2014, we have seen very little enforcement under the Do Not Call provisions in the Personal Data Protection Act, the PDPA. With the changes to enforcement in the proposed amendment bill, that is certainly set to change.
Here is what you need to know if you have not been paying close attention to the Do Not Call rules. Every feeling of complacency must disappear, or you will certainly find yourself in trouble with the Commission.
What the Do Not Call regime requires
The Do Not Call rules require senders of ‘specified messages’ – that is, marketing messages that are intended to sell goods or services, an interest in land, a business or investment opportunity, etc.:
It is a criminal offence to fail to comply with any of these requirements. On conviction, a person who contravenes any of these rules can be liable for a fine not exceeding $10,000.
How enforcement of the Do Not Call regime is a problem
From the Commission’s perspective, the problem with the above compliance failures being criminal offences is that it is not able to enforce them directly. Instead, the Commission needs to arrange for them to be prosecuted through criminal enforcement channels. This can be a challenge after, for example, taking into account conflicting priorities in the criminal enforcement system.
The Commission says in the Public Consultation Paper that the Commission will be able to enforce the above Do Not Call rule under the same administrative regime as the data protection provisions in the PDPA. They note that several jurisdictions, such as Australia, Canada, Hong Kong and the United Kingdom similarly enforce such provisions under administrative regimes.
The draft amendment bill does the following two things:
Therefore, after the proposed amendment the Commission will be able to issue various directions, including financial penalties to the senders of specified messages if they do not comply with any one or more of the three requirements described above.
In other words, the Commission would be able to issue a direction to the sender of specified messages that do not comply with the Do Not Call rules to pay a financial penalty. At present, that financial penalty could not exceed S$1 million. (The proposed amendment bill changes this limit so that the financial penalty may not exceed the greater of S$1 million or 10 percent of the sender’s annual turnover in Singapore.)
1 Various types of messages, as listed in the Eighth Schedule to the PDPA, are excluded from the definition of ‘specified message’.
2 It will also be amended to enable the Commission to give directions in connection with a failure to comply with Part IXA, which deals with dictionary attacks and the use of address-harvesting software.
Written by Lyn Boxall, Director, Lyn Boxall LLC
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.
Get access to news, enforcement cases, events, and actionable tips and guides
Get regular email updates and offers
Job opportunities, mentorship and career guidance
Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin
DPEX Network is a Community Initiative of Straits Interactive.
Copyright © Straits Interactive Pte Ltd. All Rights Reserved.
All intellectual property rights to logos and brands featured on this website remain the property of their respective owners.