It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA).

On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA.

The proposed changes are significant. Key amendments include:

  1. Increased financial penalties for contraventions of the PDPA
  2. Mandatory data breach notification
  3. Revised consent framework
  4. New data portability obligation
  5. Enhanced rules on telemarketing and spam

Continue Reading Changes coming to Singapore’s data protection law

On 8 November, 2018, Singapore’s Personal Data Protection Commission (PDPC) issued its response to feedback received on a public consultation paper. In that consultation paper, the PDPC had proposed to:

  1. merge the Do Not Call provisions in the Personal Data Protection Act 2012 of Singapore (PDPA) and Spam Control Act into a single legislation to govern all unsolicited commercial messages; and
  2. assess requests for the PDPC to make determinations on complex or novel compliance issues under the PDPA.

1. Unsolicited commercial messages

Scope

The new legislation will apply to messages sent to a user’s instant messaging identifier, where a sender has to be first added by a user. It will also apply to messages sent via MMS audio files and video files sent using instant messaging identifiers. However, it will not apply to in-app notifications or a mobile phone’s notifications.

Time period for effecting withdrawal requests

This will be eventually streamlined to a reduced period of 10 business days, via two distinct phases:

In the first phase, the withdrawal period for the Do Not Call provisions under the PDPA will be reduced from 30 to 21 calendar days. The pricing mechanism for Do Not Call registry checks will also be reviewed. However, for any spam unsubscribe requests, this will remain unchanged at 10 business days.

In the second phase, any withdrawal whether under the Do Not Call or spam control provisions will need to be effected within 10 business days.Continue Reading Singapore to adopt new legislation on unsolicited commercial messages, and enhanced practical guidance framework for data protection

The ICO has had a busy January with some key updates to note for the start of 2014.

The ICO has produced a series of quarterly reports:

  • Spam text messages
    • The main three topics for the subject of unsolicited marketing text messages were found to be debt management, payday loans and payment protection insurance.
    • Enforcement

In a clampdown on the UK’s growing illegal telemarketing, the Information Commissioner’s Office (ICO) issued its first monetary penalties under the Privacy and Electronic Communications Regulations 2011 (PECR) in November.

Following an 18-month investigation, Christopher Niebel and Gary McNeish of Tetrus Telecoms were fined £300,000 and £140,000 respectively for distributing up to 840,000 illegal spam