You are here
Personal data panel seeking views on Do Not Call Provisions, Spam control Act
A REVIEW of the Personal Data Protection Act (PDPA) is being undertaken to better protect consumers from unsolicited commercial messages like telemarketing and spam messages, and reduce ambiguity for organisations in complying with differing requirements when sending commercial messages, the Personal Data Protection Commission (PDPC) said on Friday.
In its review of the Act, the PDPC is seeking views on its proposals through a public consultation to be held from April 27 to June 7. This will concern two key areas.
The first concerns the merger of the Do Not Call (DNC) provisions of the PDPA and the Spam Control Act under a single Act governing unsolicited commercial messages, the PDPC said.
This would follow similar approaches in other jurisdictions, such as Hong Kong and United Kingdom, it added.
Requirements that the PDPC is proposing to streamline include:
- Providing a shorter withdrawal of consent period for consumers
- Regulating unsolicited commercial messages sent in bulk via Instant Messaging (IM) platforms
- Prohibiting the use of dictionary attacks and address harvesting software
Additionally, the PDPC is proposing for infringements of the DNC Provisions under the new Act to be enforced under an administrative regime similar to the PDPA. “This will allow for prompt action to be taken in cases investigated by the PDPC which will be empowered to issue directions, including financial penalties, for infringements of the DNC Provisions under the new Act,” the commission said. Its proposals will also seek comments on changes that affect organisations.
New legal obligations are also being proposed to ensure that companies accurately communicate the results of their DNC Registry checks and prohibit their resale.
The commission will also seek comments on whether the DNC Provisions should be extended to cover business-to-business (B2B) telemarketing messages.
The second area that the commission will seek feedback on is how it can provide greater clarity and certainty for organisations in complying with the PDPA while supporting innovation through the introduction of the Enhanced Practical Guidance (EPG) framework under the PDPA.
The EPG framework will allow the commission to provide guidance on whether a proposed use of personal data complies with the PDPA in an effort to provide regulatory certainty to organisations.