New direct marketing act and other proposed amendments to the PDPA
May30

New direct marketing act and other proposed amendments to the PDPA

Key takeaways Singapore’s Personal Data Protection Commission (PDPC) is proposing a new act on direct marketing that will combine the provisions in the Spam Control Act with the Do-Not-Call provisions in the Personal Data Protection Act (PDPA). The new act will also include some changes to streamline the regulations for all unsolicited commercial messages. A new Enhanced Practical Guidance framework has been proposed that will allow the PDPC to provide “determinations” with regulatory certainty on whether specific business activities are PDPA-compliant. A review of the existing exceptions to the consent obligation set out in the Second to Fourth Schedules to the PDPA will be undertaken, with a view to updating them for continuing commercial relevance. The deadline to submit comments on these proposals is 5pm on 7 June 2018. What you need to know about this Public Consultation On 27 April 2018, the PDPC released a Public Consultation Paper with a number of proposed changes to the PDPA. This Public Consultation follows in the wake of two recent public consultations conducted last year which dealt with proposed guidelines on the use of NRIC numbers, enhancements of the way in which data is collected, used and disclosed, and on the introduction of a data breach notification regime. We discuss some of the key proposals of this Public Consultation below. 1. New act to merge direct marketing regulations Unsolicited commercial messages are currently regulated under two Acts – the PDPA and the Spam Control Act (SCA). Presently, the SCA applies to electronic messages (i.e. email and text messages) sent in bulk, while the Do-Not-Call (DNC) provisions of the PDPA applies to marketing messages sent to a Singapore telephone number. The PDPC proposes to merge the SCA and the DNC provisions of the PDPA into a new act that will govern all unsolicited commercial messages, mirroring the approach taken in other jurisdictions such as Hong Kong and the United Kingdom. The new act will also introduce some additional changes including the extension the DNC provisions to all unsolicited marketing text messages sent to Singapore numbers (not just those sent in bulk) and by extending the SCA provisions to unsolicited messages sent through instant messaging platforms (e.g. WhatsApp and LINE). Amendments are also proposed to align the time period afforded to organisations to effect a withdrawal of consent or unsubscribe request from an individual. These changes are intended to reduce ambiguity for organisations in complying with different requirements when sending marketing messages. 2. New Enhanced practical guidance framework The PDPC proposes to introduce a new Enhanced Practical Guidance Framework to supplement the existing general advisory guidelines and guides it publishes. The proposed Framework...

Read More
IMDA releases long-awaited proposed changes to the Films Act
Dec08

IMDA releases long-awaited proposed changes to the Films Act

  On 4 December 2017, the Info-communications Media Development Authority of Singapore (“IMDA”) released its long-awaited public consultation paper on the proposed changes to the Films Act (Cap. 107). Minister for Communications and Information, Yaacob Ibrahim, first indicated in January of this year that the government was looking to amend both the Films Act and Broadcasting Act to take into account changes in technology. One broad theme that emerges from the proposed amendments is the fact that the IMDA is focussing its regulatory efforts on the distribution and public exhibition of films. While changes are also proposed to include digital streaming technology under the regime, the emphasis on “public exhibition” indicates that IMDA is, for the purposes of the current consultation at least, taking a lighter-touch approach to regulating consumer-focussed over-the-top video streaming services. There are several proposed amendments, but this post sets out the four key proposals you should be aware of. Four key proposed changes Formalisation of co-classification scheme. Following successful trials in 2011 and 2015, IMDA now proposes to formalise its industry co-classification scheme. This scheme allows employees of industry players to register and be trained as film content assessors. These industry players will then be allowed to independently co-classify films up to the PG-13 rating through their film content assessors. Safeguards will be put in place to ensure the system is not abused, such as IMDA’s right to conduct sample audits of films that have been co-classified and penalties for misclassification. Introduction of video games class licence. Currently, video games are often submitted for classification by wholesale distributors. For video games classified as M18, point-of-sale requirements are attached to the classification certificate issued by IMDA (e.g. ensuring the games are not sold to under-aged consumers). The downstream retailers that sell the video games to consumers are often not made aware of these requirements, defeating their purpose. IMDA proposes introducing an automatic class licence scheme for retailers that sell video games on physical media (e.g. on DVDs) to make them directly responsible for complying with the point-of-sale requirements. The licence will be automatic with no registration required, and will not involve the payment of any licence fees. Clarification that the films licence is only intended to apply to the distribution and public exhibition of films. IMDA has clarified that its films licensing scheme is only targeted at the distribution and public exhibition of films and is proposing amendments to reflect this. Amendments will also be made to ensure that films publicly exhibited by means of streaming or other digital transmission are also included under this scheme. In determining what is a “public exhibition” requiring a licence,...

Read More
Association of Banks in Singapore updates Guidelines for Outsourced Service Providers
Jun15

Association of Banks in Singapore updates Guidelines for Outsourced Service Providers

On 1 June 2017, the Association of Banks in Singapore (ABS) issued an update to their “Guidelines on Control Objectives and Procedures for Outsourced Service Providers”. The update replaces the first version of these guidelines previously issued on 25 July 2015. Overall, the update involved only minor changes. Nevertheless, these changes indicate a greater emphasis on review, monitoring and control of the outsourced service providers (OSPs). OSPs should take note of this new emphasis as banks and other financial institutions (FIs) will likely look to these guidelines to supplement their own regulatory obligations when engaging OSPs. ABS guidelines in a nutshell The ABS guidelines set standards for OSPs relating to audit and inspection, internal controls (e.g. human resource policies and procedures), IT controls (e.g. physical security policies and disaster recovery procedures) and service controls (e.g. client contracting procedures). The guidelines were first published following the 5 September 2014 release by the Monetary Authority of Singapore (MAS) of two consultation papers relating to outsourcing arrangements of FIs. Likewise, it appears that these updated guidelines follow on from MAS’ 27 July 2016 update of its Guidelines on Outsourcing. The MAS Guidelines on Outsourcing focus on standards FIs should adopt when engaging OSPs. The ABS guidelines, however, appear intended to address the other side of this coin by giving guidance to OSPs themselves on the minimum standards they should implement when dealing with FIs. Minor changes but greater emphasis on review, monitoring and control OSPs can take comfort in the fact that the ABS guidelines remain largely unchanged from their 2015 iteration. The entity level controls, general IT controls and service controls imposed by the 2015 guidelines do not see significant changes to their content. The most significant change is that the OSP’s controls should be “reviewed and updated at least every 12 months”. This requirement is newly included in Section II(e) on Backup and Disaster Recovery, Section II(f) on Network and Security Management and Section III(a)(2) on Setting up of New Clients/Processes. There is also a new focus on reporting substantial changes and adverse developments to the FIs. The section on frequency of external audits has also been updated. Previously, it was recommended that audits be conducted every 12 months with the sampling data covering a period of 12 months. The updated ABS guidelines now provide that the sample data should cover the entire period since the last audit, with a minimum period of 6 months and with reasons provided if the period covered is less than 6 months. What this means for OSPs While relatively minor, the changes suggest a greater focus on review, monitoring and control of the outsourcing...

Read More