'

Singapore looks to tighten up antispam, do-not-call laws

Government is seeking public feedback on proposals to merge the two laws and clarify regulations businesses need to adhere to when sending out marketing messages.

Singapore is looking to tighten up its antispam and do-not-call legislations as well as provide better clarity on rules businesses must adhere to when sending out messages to customers.

The country's Personal Data Protection Commission said it was proposing several changes to existing laws to ensure they remained relevant amidst technological advancements and to better protect consumers from unsolicited commercial messages.

With businesses fumbling, Singapore must take more care in data aspirations

Singapore government has been opening up user data access to ease information exchange and business transactions, but it should observe some caution as major organisations continue to slip up over security.

Read More

Specifically, it mooted the need to merge the Spam Control Act and Do Not Call (DNC) legislations outlined in the Personal Data Protection Act (PDPA). This move would be in line with other jurisdictions such as Hong Kong and the UK, said the commission.

It also was proposing several other changes to provide "greater clarity and certainty for organisations in complying with the PDPA" it said, adding that these would better safeguard individuals from unsolicited commercial messages and reduce ambiguity for businesses.

For instance, the commission was recommending a shorter withdrawal of consent period for consumers from the current 30 calendar days, to 10 business days. This would be in line with the withdrawal period outlined in the Spam Control Act and minimise any potential confusion for businesses that need to comply with both laws.

In addition, antispam rules would be extended to include messages sent in bulk via instant messaging identifiers, such as account or login ID created by the consumer. This proposed change aimed to ensure organisations that sent unsolicited commercial messages via such platforms would need to provide a functioning "unsubscribe" service.

Under the new act, the use of dictionary attacks as well as address harvesting software would be outlawed. The former was defined as tactics by which e-mail addresses were attained using the automated generation of different permutations--combining names, letters, numbers, and symbols--to deduce potential email addresses.

The commission said it also was seeking feedback on whether the DNC rules should encompass business-to-business telemarketing messages. The public and industry would have until June 7 to provide feedback.