Out-Law / Your Daily Need-To-Know

Privacy rules carve out lets Singapore businesses promote related products to existing customers

07 Jan 2014, 9:34 am

Businesses operating in Singapore can send marketing messages to customers that have registered to be listed on a new 'Do Not Call' (DNC) Registry under certain circumstances, the country's data protection watchdog has said.

From 2 January businesses operating in Singapore have been generally prohibited from sending marketing messages to individuals whose telephone numbers are included on a new DNC Registry.

Businesses are required to consult the Registry before sending such messages and face fines if they send messages to those who have asked not to be contacted. Only if they have received the "clear and unambiguous consent" of individuals listed on the Registry to the sending of marketing messages is that activity legitimate.

However, a new exemption allows businesses to send either text or fax messages to promote "related products and services" to individuals they have an "ongoing relationship" with, without having to consult the new Registry first.

"A bank or credit card company, for example, would be able to send its existing credit card holders telemarketing messages about related services, such as a rewards programme for credit card holders," the Personal Data Protection Commission (PDPC) of Singapore said in a statement. "As the exemption order does not apply to voice calls, organisations are still required to check against the DNC Registry before making telemarketing calls to promote related products and services."

The PDPC said some businesses had asked for the exemption to be made to the new rules on the basis that customers would expect to receive messages promoting related products and services, even if they were included on the DNC Registry.

"To rely on the exemption, organisations are required to provide information in their messages on how consumers can opt out of such messages, and allow consumers to opt out using the same medium by which the message is received," the regulator said. "Upon receiving an individual’s opt-out request, organisations must stop sending such messages to that individual within a specified timeframe."

The establishment of a new DNC Registry was a feature of new data protection rules finalised in Singapore last year. The Personal Data Protection Act (PDPA) has partially come into effect but the full framework will not be in force until 2 July this year.

The PDPC has issued new guidance (44-page / 278KB PDF) on how to comply with the new DNC Registry rules.