On 8 November, 2018, Singapore’s Personal Data Protection Commission (PDPC) issued its response to feedback received on a public consultation paper. In that consultation paper, the PDPC had proposed to:
- merge the Do Not Call provisions in the Personal Data Protection Act 2012 of Singapore (PDPA) and Spam Control Act into a single legislation to govern all unsolicited commercial messages; and
- assess requests for the PDPC to make determinations on complex or novel compliance issues under the PDPA.
1. Unsolicited commercial messages
The new legislation will apply to messages sent to a user’s instant messaging identifier, where a sender has to be first added by a user. It will also apply to messages sent via MMS audio files and video files sent using instant messaging identifiers. However, it will not apply to in-app notifications or a mobile phone’s notifications.
Time period for effecting withdrawal requests
This will be eventually streamlined to a reduced period of 10 business days, via two distinct phases:
In the first phase, the withdrawal period for the Do Not Call provisions under the PDPA will be reduced from 30 to 21 calendar days. The pricing mechanism for Do Not Call registry checks will also be reviewed. However, for any spam unsubscribe requests, this will remain unchanged at 10 business days.
In the second phase, any withdrawal whether under the Do Not Call or spam control provisions will need to be effected within 10 business days.