Singapore is looking to tighten up its antispam and do-not-call legislations as well as provide better clarity on rules businesses must adhere to when sending out messages to customers.
The country's Personal Data Protection Commission said it was proposing several changes to existing laws to ensure they remained relevant amidst technological advancements and to better protect consumers from unsolicited commercial messages.
Specifically, it mooted the need to merge the Spam Control Act and Do Not Call[1] (DNC) legislations outlined in the Personal Data Protection Act[2] (PDPA). This move would be in line with other jurisdictions such as Hong Kong and the UK, said the commission.
It also was proposing several other changes to provide "greater clarity and certainty for organisations in complying with the PDPA" it said, adding that these would better safeguard individuals from unsolicited commercial messages and reduce ambiguity for businesses.
For instance, the commission was recommending a shorter withdrawal of consent period for consumers from the current 30 calendar days, to 10 business days. This would be in line with the withdrawal period outlined in the Spam Control Act and minimise any potential confusion for businesses that need to comply with both laws.
In addition, antispam rules[3] would be extended to include messages sent in bulk via instant messaging identifiers, such as account or login ID created by the consumer. This proposed change aimed to ensure organisations that sent unsolicited commercial messages via such platforms would need to provide a functioning "unsubscribe" service.
Under the new act, the use of dictionary attacks as well as address harvesting software would be outlawed. The former was defined as tactics by which e-mail addresses were attained using the automated