Do Not Call – Beware of changes to enforcement!

2020-06-16
Article Banner

On Thursday 14 May 2020, the Ministry of Communications and Information and the Personal Data Protection Commission of Singapore launched an online public consultation of the Personal Data Protection (Amendment) Bill 2020.

Over the last six plus years from 2 January 2014, we have seen very little enforcement under the Do Not Call provisions in the Personal Data Protection Act, the PDPA. With the changes to enforcement in the proposed amendment bill, that is certainly set to change.

Here is what you need to know if you have not been paying close attention to the Do Not Call rules. Every feeling of complacency must disappear, or you will certainly find yourself in trouble with the Commission.

The Do Not Call regime


What the Do Not Call regime requires

The Do Not Call rules require senders of ‘specified messages’ – that is, marketing messages that are intended to sell goods or services, an interest in land, a business or investment opportunity, etc.:

  • to check the Do Not Call registry before sending any specified message to a Singapore telephone number – that is, before sending any fax, SMS/WhatsApp, etc. text message or making any voice call – unless the sender has obtained clear and unambiguous consent from the user or subscriber of the Singapore telephone number
  • to include certain clear and accurate information in the specified message1 – this includes identifying the sender and information about how they can be contacted – and
  • not to make a voice call or to send a fax that conceals or withholds the sender’s identity

It is a criminal offence to fail to comply with any of these requirements. On conviction, a person who contravenes any of these rules can be liable for a fine not exceeding $10,000.


How enforcement of the Do Not Call regime is a problem

From the Commission’s perspective, the problem with the above compliance failures being criminal offences is that it is not able to enforce them directly. Instead, the Commission needs to arrange for them to be prosecuted through criminal enforcement channels. This can be a challenge after, for example, taking into account conflicting priorities in the criminal enforcement system.

Proposed Amendment and its effect

The Commission says in the Public Consultation Paper that the Commission will be able to enforce the above Do Not Call rule under the same administrative regime as the data protection provisions in the PDPA. They note that several jurisdictions, such as Australia, Canada, Hong Kong and the United Kingdom similarly enforce such provisions under administrative regimes.

The draft amendment bill does the following two things:

  • it deletes the rules that state the above criminal offences and penalties
  • it amends section 29 of the PDPA, which currently gives the Commission the power to issue directions for non-compliance with Parts III to VI of the PDPA (that is, the data protection provisions), by extending it so that the Commission can issue directions if a person has not complied with Part IX2, which contains the Do Not Call rules

Therefore, after the proposed amendment the Commission will be able to issue various directions, including financial penalties to the senders of specified messages if they do not comply with any one or more of the three requirements described above.

In other words, the Commission would be able to issue a direction to the sender of specified messages that do not comply with the Do Not Call rules to pay a financial penalty. At present, that financial penalty could not exceed S$1 million. (The proposed amendment bill changes this limit so that the financial penalty may not exceed the greater of S$1 million or 10 percent of the sender’s annual turnover in Singapore.)



1   Various types of messages, as listed in the Eighth Schedule to the PDPA, are excluded from the definition of ‘specified message’.

2  It will also be amended to enable the Commission to give directions in connection with a failure to comply with Part IXA, which deals with dictionary attacks and the use of address-harvesting software.


Written by Lyn Boxall, Director, Lyn Boxall LLC

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEXNetwork.


Unlock these benefits
benefit

Get access to news, enforcement cases, events, and actionable tips and guides

benefit

Get regular email updates and offers

benefit

Job opportunities, mentorship and career guidance

benefit

Exclusive access to Data Protection community - ask questions, network and share knowledge with peers and experts via WhatsApp and Linkedin

Topics
Related Articles