Commentary: Singapore considers “do-not-call” list in overdue data protection law

September 13th, 2011 | by Alfred Siew
Commentary: Singapore considers “do-not-call” list in overdue data protection law
Cellphones
4

Tired of all those calls or SMSes selling new condos, insurance or credit cards, Singapore’s mobile phone users might just get some relief from the irritation, if a new data protection law goes into effect as early as next year.

This will be possible with a national “do not call” registry that users can sign up to, and which telemarketers have to check against before launching a marketing campaign.

The list, to be maintained by a new independent agency, is part of a proposed consumer data protection law unveiled by the Ministry of Information, Communications and the Arts (MICA) today, as it seeks to secure the private information of individuals, as places like the European Union (EU) and the United States have done earlier.

The ministry is currently seeking feedback for its proposals, which will be a boost for many privacy advocates who have, over the years, criticised the government for being too pro-business and hands off about personal data.

Currently, Singapore has no privacy law. Authorities have often turned to the Computer Misuse Act, for example, to prosecute serious cases of stolen personal data, but when it comes to the lesser offence of that irritating phone call from spammers, there has been only voluntary industry-wide compliance.

In other words, when there’s no penalty, there’s no willingness to comply. Therefore, the endless calls and SMSes that have irritated mobile phone users to no end, even as the country boasts of its nearly 150 per cent cellphone penetration rate.

Here’s how many telemarketing firms often work. Say, a bank wants to advertise its new credit card to its users. It contacts a telemarketing firm, which then gets in touch with a telco to send out its SMSes to a target demographic.

The telco doesn’t share any information with either the bank or telemarketer – so it’s not breaking any law. It simply selects among its users the right demographics and blasts the SMSes out.

Sometimes, the telemarketer sends out the information to its own database of users, with information possibly collected through contests or other means. If so, it only needs to buy a bulk capacity of, say, 10,000 SMSes from a telco and can blast them out itself.

Either way, the practice is annoying. Even if you already have five credit cards with the bank, you still get an annoying SMS telling you to sign up for another because the folks sending the spam SMS don’t know it.

With the new law, the national “do not call” registry will go a long way in stopping such rampant spamming. Before a company can call or SMS you to sell a product, it would have to check that you are not already on the list of “opt out” participants.

The authorities, always so pro-business in the past, seem to have come around this time in seeing that no regulation is bad regulation. In its proposal, it notes:

While a national DNC registry may impose additional compliance costs on organisations engaging in telemarketing activities, telemarketers will benefit by being able to effectively target a genuine group of consumers who are interested in receiving information on the organisation’s products/services, and eliminate time and resources wasted on those who do not wish to be disturbed.

So, when can a company call you up? Can your telco, which you are using to make calls, call you up to offer a discount on your phone bill? Chances are, they can, and you’d probably be okay with that. After all, it’s the annoying calls from organisations knowing nothing about you and selling you useless stuff that upset you.

The new rules being proposed are also clear about another source of irritation – misuse. When was the last time you left your name and phone number behind while viewing a condo showflat, and ended up being spammed by the property agent months after?

If the authorities mean what they say in their current proposal, then such misuse may well be a thing of the past. After all, you are only interested in one condo, not spam on every single new development that the agent is promoting each weekend.

Interestingly, MICA proposes that:

…the use or processing of such personal data by organisations must be reasonable and fulfil only the purposes for which the individual’s consent was obtained.  Unless consent is not required under the DP Act, fresh consent has to be obtained if the personal data collected is to be used for a different purpose other than the purposes for which the individual has given consent.

The authorities are also quite clearly against the storage of personal data for future spamming:

…it is proposed that if an organisation uses an individual’s personal data to make a decision that directly affects the individual, the organisation shall retain that information for a sufficient period of time after using it so that the individual has a reasonable opportunity to obtain access to it.

Following that, an organisation shall then destroy its documents containing personal data, or make such data anonymous, when retention is no longer necessary for legal or business purposes, and as soon as it is reasonable to assume that the purpose for which that personal data was collected is no longer being served by retention of the personal data.

And what of penalties? MICA is proposing fines of up to S$1 million as a deterrent to spammers and others who break the law. The punishment may be meted out by a newly set-up Data Protection Commission.

The proposed penalty regime is thus a tiered one that will enable the DPC to enforce remedies commensurate with the seriousness of the violation. Specifically, it is proposed that the DPC will have powers to issue orders for an organisation to rectify non-compliance with the DP law, and require the organisation to pay, within a specified period, a financial penalty of such amount not exceeding $1 million.  The financial penalty is notwithstanding any order already made by the DPC.

So, all in, the proposed data protection law is a step in the right direction, after previous half measures have been proven to be inadequate in handling the threat of spam. The move is long overdue, which the authorities hint at as well by saying Singapore is moving to keep up with other places, such as the EU and the US.

It’s interesting that MICA emphasises that consumer rights and economic benefits need not clash with the new law.

To some extent, this is true. Just ask businesses how much money spam has caused them in productivity each year (think of the time wasted sifting through spam). Or ask companies  that have embarked on a telemarketing campaign but ended up being despised by those it spammed.

On the flip side, the law cannot be so strict that it makes it too onerous for companies to send, say, relevant discounts and promotions to their customers as part of regular marketing activity. They should not have to worry about being fined every time they send out a piece of relevant marketing material to customers.

The key here is relevance, which so far has been taken by marketers to mean “anything goes”. That, fortunately, looks like changing if the new law goes through, as expected. It’d be interesting to see how the telcos, banks, property agencies and telemarkers respond.

Tired of spam? Tell MICA what you think on its website. Deadline is October 25, 2011.

Advertisements

4 Comments

  1. Michael Bian says:

    Informative article.Thank you for sharing this one..

  2. Michael bian says:

    Telemarketing can offer a number of clear advantages over other forms of direct marketing.

  3. This cannot come too soon. 

  4. Bob says:

    This sort of thing has worked wonders in Australia

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.