Electronic marketing in Singapore is regulated primarily by two main sources of legislation, with particular emphasis on the obligations of the sender.
The Singapore Spam Control Act (SCA), sets out the regulatory requirements relating to the contents and title when sending out unsolicited commercial electronic messages in Singapore. It applies to messages sent in bulk by electronic mail, by text or by multi-media messaging to mobile telephone numbers.
The Singapore Personal Data Protection Act (PDPA), provided for the establishment of a Do-Not-Call (DNC) Registry which allows individuals to opt out of receiving marketing messages by phone, text or fax. The PDPA also governs the use of personal data to send such messages.
Any direct marketing sent by text to mobile phones must comply with both the SCA and the PDPA.
Provisions of the SCA
The SCA sets out the type of electronic marketing messages which are regulated, the requirements to be complied with in relation to relevant electronic messages, and certain prohibitions.
In summary, unsolicited commercial electronic messages sent in bulk by e-mail, or by text message to mobile telephones withthe primary purpose of advertising or offering goods and or services or other opportunities to the recipient, must comply with the SCA. The SCA will also apply to all messages with a "Singapore Link". This means:
- the message originates in Singapore;
- the sender of the message is:
- an individual who is physically present in Singapore when the message is sent; or
- an entity whose central management and control is in Singapore when the message is sent;
- the computer, mobile telephone, server or device that is used to access the message is located in Singapore; or
- the recipient of the message is:
- an individual who is physically present in Singapore when the message is accessed; or
- an entity that carries on business or activities in Singapore when the message is accessed.
Messages regulated under the SCA must comply with the following requirements:
Each message must contain an unsubscribe facility whereby:
- the sender must include sufficient contact information in the text message to enable the recipient to submit an unsubscribe request;
- the contact information provided must be valid for at least 30 days and using this contact information must not cost more than the standard rate;
- once an unsubscribe request is submitted, the recipient's contact information (e.g. electronic mail address to which the message was sent) must be removed from the mailing list within 10 business days; and
- any person who receives an unsubscribe request must not disclose the sender's personal information to others without the sender's consent.
Every message must also fulfil the labelling requirements whereby:
- any title, header or subject field must not be false or misleading as to the content of the message;
- the title header or subject field must be prefixed with the letters "<ADV>" or equivalent words first appearing in the main body of the message, to clearly identify the message as an advertisement; and
- there must be an accurate and functional e-mail address or telephone number by which the sender can be contacted.
Other relevant factors
In addition, any sender should also be aware of the following prohibitions:
the SCA prohibits the sending of electronic messages to any electronic address generated or obtained through the use of:
- dictionary attack, defined under the SCA as "the method by which the electronic address of a recipient is obtained using an automated means that generates possible electronic addresses by combining names, letters, numbers, punctuation marks or symbols into numerous permutations"; or
- address harvesting software, defined under the SCA as "software that is specifically designed or marketed for use for searching the Internet for electronic addresses, and collecting, compiling, capturing or otherwise harvesting those electronic addresses".
Remedies for breach
Recipients who suffer loss or damage as a result of a sender's contravention of the SCA have a right to commence civil proceedings against the sender, and the complainant may be entitled, at his election, to damages in the amount of the loss or damage actually suffered or statutory damages not exceeding S$25 for each electronic message up to a maximum of S$1 million.
The Do Not Call Registry under the PDPA
This recently enacted regime under the PDPA, has resulted in a serious re-examination of the manner of collecting and using personal contact information in order to send electronic marketing messages.
The DNC provisions establish three registers within the DNC Registry and affect parties who wish to send "specified messages" by telephone calls, through text messaging or by fax. Specified messages as defined under the PDPA are essentially marketing messages, although some exemptions are provided for.
Senders will not be allowed to send specified messages to any number listed in the DNC registers unless:
- there is clear and unambiguous consent from the person who submitted the personal information to allow the sender to contact the recipient; and/or
- senders may send specified text messages and specified fax messages only (and not telephone calls) to a Singapore telephone number if they are in an ongoing relationship,(defined as a relationship between a sender and a subscriber or user of a Singapore telephone number arising from the carrying on or conduct of a business or activity, commercial or otherwise, with the sender) where the subscriber or user of that telephone number and the message is related to that ongoing relationship and provided the sender includes his contact information and does not conceal the identity of the line that has been used to contact within the specified message.
If no evidence of such consent exists, then there is a duty to check with registers in the DNC and wait for official confirmation. If a sender intends to send marketing material using more than one method, then each register must be checked. The waiting period will be 30 days.
Any person or organisation found guilty of contravening the DNC provisions may be liable to a fine of up to S$10,000 per message sent.
The Attitude of the Personal Data Protection Commission (the "Commission")
The Commission appears to take enforcement of the DNC provisions very seriously. In May 2014, following 3,700 valid complaints, the Commission announced it had:
- censured multiple organisations for breaching the DNC Registry requirements;
- investigated about 630 organisations, mainly from sectors such as property, tuition and insurance;
- allowed two organisations to settle their offences relating to the sending of telemarketing messages to Singapore telephone numbers registered with the DNC Registry in lieu of prosecution, with the amounts paid ranging between S$500 and S$1,000;
- issued warning letters to about 380 other organisations in relation to a small number of isolated complaints, warning them of the consequences of sending any further unsolicited telemarketing messages; and
- issued proceedings against a tuition agency, Star Zest Home Tuition Pte. Ltd., and its director, for offences relating to the DNC Registry under the PDPA. Following many complaints relating to their flagrant breaches of the DNC provisions, both the tuition agency and its director were charged in the State Courts on 4 June 2014, each of them facing up to 37 counts of contravening the obligation to check the DNC Registry before sending any telemarketing messages to Singapore telephone numbers. After pleading guilty, both the agency and its director were fined a total of S$39,000 or S$3,000 per charge.
The new legislative requirements in relation to electronic marketing communications in Singapore are fairly straightforward but they require a change in the mind-set and strategy of marketing departments hoping to use personal data to send direct electronic marketing messages.