How does PDPA differ from the Spam Control Act? | PDPA FAQs - PDPA Singapore Checklist to Comply PDPA: The Complete PDPA Compliance Guide for Business & Companies in Singapore

The Spam Control Act (SCA) sets out a framework to manage unsolicited commercial electronic messages sent in bulk through electronic mail, text and multimedia messaging, otherwise known as “spam”. The SCA requires organisations to, among others, provide an unsubscribe facility within the spam message and include a header in the subject field of the message or where there is no subject field, as the first words in the message.

While the SCA manages the sending of spam messages, the PDPA sets out rules governing the proper collection, use and disclosure of personal data, which would include contact information of an individual. Under the PDPA, organisations are required to obtain consent for a stated purpose to collect, use or disclose the personal data of an individual, and safeguard such data, unless exceptions apply.

In addition, the provisions relating to the DNC Registry in the PDPA allow individuals to opt out of marketing messages (voice calls, SMS/MMS or fax) delivered to a Singapore telephone number. Organisations are generally prohibited from sending marketing messages to Singapore telephone numbers registered with the DNC Registry unless they have obtained clear and unambiguous consent in written or other accessible form from the user/subscriber to the sending of the message, or if the organisation can rely on the Personal Data Protection (Exemption from Section 43) Order 2013 or any other exclusions.

In relation to the sending of spam messages, the PDPA applies to the collection, use and disclosure of individuals’ contact information for such purposes, while the SCA governs the manner in which the spam message may be sent. These frameworks will operate concurrently.

How does PDPA differ from the Spam Control Act? | PDPA FAQs