Data-protection law to cover all text messages

Consumers with Singapore telco subscriptions may be able to opt out of receiving intrusive marketing messages sent through smartphone applications, after the national Do-Not-Call (DNC) registry is set up.

These apps will include popular ones such as WhatsApp Messenger.

The Ministry of Information, Communications and the Arts (Mica) had previously proposed that the DNC registry would cover only SMSes, MMSes, faxes and phone calls.

Under proposed data-protection legislation to be introduced in the third quarter of this year, individuals may also have their personal data protected for up to 10 years after their death.

These are some of the details that Mica is proposing in the draft Personal Data Protection Bill.

The first reading of the Bill in Parliament is slated for the third quarter.

Mica will hold a third round of public consultations on these proposals from now until April 30. The DNC registry is slated to start operations by the end of next year.

There is currently no overarching consumer-privacy law in Singapore, only specific regulations in three areas - banking, telecommunications and health care.

The legislation aims to protect one's personal information and prevent it from being collected indiscriminately and used for marketing purposes.

Companies will not be able to contact consumers who register their numbers in the registry.

The new legislation will apply to all companies - even those located overseas - that collect, use or disclose the data of consumers here.

Mica admitted that it will be difficult to enforce the legislation when it comes to companies abroad, but said it is working with partners overseas and will depend on bilateral agreements and relationships with overseas regulators.

There are key exemptions to the rules.

These include data used for police investigations and information used by news organisations for news activities.

Personal information collected for evaluation to determine suitability for employment or school entry, medical emergencies, research, artistic and literary purposes will also be excluded.

Companies will have 18 months to conform, from the time the legislation is passed to the time it takes effect.

A Data Protection Commission will be set up to investigate and penalise companies suspected of misconduct, even if no complaint has been lodged. The maximum fine is set at $1 million.

For more my paper stories click here.

Become a fan on Facebook