Enforcing DNC registry rules will not be easy: Lawrence Wong

But Mr Wong, who is also Acting Minister for Culture, Community and Youth, assured the House that the Personal Data Protection Commission (PDPC), which manages the registry, is committed to investigate every complaint and "follow up with prosecution if necessary".

Go to Singapolitics for more stories.

Here is MCI's response to Parliament Questions on the Do-Not-Call Registry:

Questions:

Mr Ang Wei Neng: To ask the Minister for Communications and Information what is the rationale for exempting businesses from having to check the Do-Not-Call Registry when sending SMS and fax messages to existing customers.

Er Dr Lee Bee Wah: To ask the Minister for Communications and Information with regard to the exemption on the Do-Not-Call Registry which allows businesses to send SMS and fax messages to existing customers (a) what is the Ministry's definition of an "on going relationship"; and (b) whether the Ministry will consider changing the exemption to an "opt in" rather than an "opt out" approach for an existing customer who does not want to receive any marketing messages.

Assoc Prof Tan Kheng Boon Eugene: To ask the Minister for Communications and Information (a) what are the reasons why a registration on the Do Not Call Registry is not a sufficient affirmation of no consent to receiving exempted telemarketing messages; (b) how the exemption adequately protects and balances the privacy rights of the consumers under the Personal Data Protection Act against business and commercial interests; and (c) whether greater clarity can be provided to the meaning and extent of the purpose of an exempt message to the subject of an ongoing relationship between the sender and the recipient.

Ms Tan Su Shan: To ask the Minister for Communications and Information (a) what has been the initial response of business entities to the issuance of the Advisory Guidelines for the Do Not Call Provisions by the Personal Data Protection Commission (PDPC); (b) whether businesses have been able to understand the guidelines sufficiently in order to ensure compliance or have they found some of the new processes or systems required impractical or too costly to implement; and (c) whether the PDPC will take a more balanced approach in its enforcement procedures.

Mr Chen Show Mao: To ask the Minister for Communications and Information what are the reasons for the reversal by the Personal Data Protection Commission to now allow businesses to send marketing messages to persons with whom they have an 'ongoing relationship' without having to obtain their consent and notwithstanding their having registered their names in the Do-Not-Call Registry.

Mr Chen Show Mao: To ask the Minister for Communications and Information what will the Ministry do to educate consumers and individuals of steps that they may take to stop receiving marketing messages from businesses including those with whom they may have an 'on-going relationship'.

Answer:

If an individual signs up their fixed-line or mobile phone number on the Do Not Call, or DNC, Registry, it means that organisations cannot contact the individual for telemarketing purposes by voice, text or fax. Organisations must therefore, check the DNC Registry before sending out any telemarketing messages via a phone call, text message or fax. An organisation can only contact the DNC-registered number, if that individual had given clear and unambiguous consent for that particular organisation to do so.

The framework for the DNC Registry, along with the Personal Data Protection Bill, was passed in Parliament in October 2012, after three rounds of public consultation spanning September 2011 to April 2012. In one of these public consultations, some businesses had proposed that organisations do not need to check the DNC Registry if the number belonged to a customer with whom they have an existing business relationship. This would allow organisations to market any products or services that the organisation offers, to their existing customers. This proposal was rejected as it would be too far-reaching.

After the Bill was passed, the Personal Data Protection Commission, or PDPC, conducted another two rounds of public consultation between February to April 2013 and May to June 2013 on a set of advisory guidelines and business rules relating to the DNC Registry respectively. These guidelines and business rules were published in September 2013. Subsequently, as organisations prepared to comply with the DNC provisions, the treatment of in-service telemarketing messages emerged as a new issue, during the consultations of the guidelines, surfaced by consumers as well as businesses and non-profit organisations. What is an in-service telemarketing message? An example would be a telecom operator notifying a subscriber of his mobile prepaid card balance, and in the same message also provide information about discounted rates for IDD calls for prepaid card holders. Without the exemption, the operator would only able to inform a customer about his prepaid card balance.

The PDPC has an Advisory Committee comprising 8 members from consumer organisations, data protection legal experts, and from industry. In consultation with the Advisory Committee, the PDPC recognised that while some consumers are very clear that they do not want any telemarketing messages from businesses at all, there are others who may like to receive in-service telemarketing text messages from organisations with which they have an on-going relationship.

Hence, on 26 December 2013, the PDPC announced the issuance of an exemption that allows organisations that send in-service telemarketing SMS or fax messages from having to check the DNC Registry, if they meet a strict list of conditions. This exemption is much narrower in scope and application than the exemption that had originally proposed by businesses.

What does this exemption mean for consumers and business organisations? For voice calls, there is no change - organisations cannot make a telephone call to a consumer to convey in-service telemarketing messages. For text and fax messages, organisations can only use the exemption in narrow and limited circumstances:

First, the organisation must have an on-going relationship with the consumer. Messages from businesses which a consumer does not have any contact with are still disallowed. A one-off transaction is insufficient to establish an on-going relationship. For example, if an individual had given the organisation his telephone number in the course of enquiring about a property listing, buying a television set, or other similar situations, this would not constitute an on-going relationship. An on-going relationship is defined as a relationship between an organisation and a subscriber or user that arises from the conduct of a business or activity on an on-going basis, for example a subscription, membership, or account.

Secondly, organisations can only send messages related to the subject of the relationship with the customer. Take the example of someone with a 3G subscription with a telecom operator. Even with the exemption, the telecom operator may only send messages that are related to the 3G subscription, such as discounts for 3G subscribers to upgrade to 4G plans; the telecom operator cannot send messages that are unrelated to the 3G subscriptions, for example on a standalone pay TV promotion that the same operator is having.

Thirdly, organisations must provide an opt-out facility in the same message allowing the recipient to opt out of future messages through the same mode. If the recipient opts out, or has otherwise indicated to the organisation that he does not wish to receive telemarketing messages, the organisation cannot rely on the exemption to send any future in-service telemarketing message to that telephone number in future, even if it is related to the subject of the on-going relationship.

The intent behind the exemption is to try to meet the preferences of as many consumers as possible. Without the exemption, when individuals register on the DNC, it would be an "all or nothing" choice, either to block or receive all types of telemarketing messages.

The PDPC was guided by consumers' interest and what would be most useful and beneficial for consumers who registered on the DNC Registry. The exemption, with its limited scope, was assessed to be the best approach to try and benefit as many consumers as possible. Now, consumers have the flexibility to choose if they prefer to receive such in-service telemarketing messages, and opt-out if they do not wish to receive these messages. In the US, this issue of whether to exempt telemarketing calls from organisations with existing relationships with customers was the most contentious one, and eventually the decision taken was to allow them.

The PDPC did consider whether the exemption should be structured with an opt-in facility. However, this approach would require individuals with the opposite preference (i.e. those who prefer to continue receiving in-service telemarketing messages) to take one additional step to opt in. Such a system would also have been very complicated for both consumers and organisations.

In reaching its decision, the PDPC had studied the jurisdictions with established DNC Registries. None had structured their Registries with an opt-in facility. In the UK, similar in-service telemarketing SMSes sent to existing customers is allowed so long as there is an opt-out unsubscribe facility. For both the US and Australia, though permitted SMSes are not limited to in-service telemarketing messages made to existing customers, unsolicited telemarketing SMSes are also allowed with an opt-out unsubscribe facility.

I would like to assure the House that PDPC has put in place an extensive outreach and communications programme, for both organisations and consumers. So far, PDPC has reached out to about 55 industry associations whose members amount to more than 27,000 companies. More than 10,000 representatives from 1,600 companies have participated in the public briefings, workshops and seminars and almost all have found these to help in their understanding of their obligations. Consumer education on data protection and DNC related issues has also been ramped up, with resources like videos on how to register with the DNC Registry, consumer handbooks and leaflets made available. PDPC has also been working with partners such as the Consumer Association of Singapore, the Infocomm Development Authority, the National Library Board and the Ministry of Education to conduct talks and road shows for consumers.

Organisations are generally aware of the Personal Data Protection Act and the DNC provisions. Since the DNC Registry provisions commenced on 2 January 2014, about 600 organisations have checked a total of about 37 million telephone numbers against the three DNC registers. There are several cases of non-compliance that PDPC is currently investigating and organisations will be given the opportunity to explain their actions before PDPC decides on the appropriate enforcement approach. None of the cases so far involves in-service telemarketing messages. Regardless, PDPC will take enforcement action for abuses of the exemption given, or for any other breaches under the Act.