Definition of Commercial Electronic Message and Obtaining Permissions
Commercial electronic message is defined at Article 2 of the Law and Article 4 of the Regulation. According to the definition set forth at both these articles, a commercial electronic message is “a message sent for a commercial purpose, through electronic mediums such as telephone, call centers, fax, auto-dial machines, smart voice recording systems, e-mails or sms that includes data, voice and video”. Although a general definition is provided with these articles, it be be difficult for individuals and companies to determine which messages will be deemed as commercial electronic messages. Since commercial electronic messages can only be sent to recipients with their prior approval as per Article 6 of the Law, determining which messages will be deemed as commercial electronic messages is crucial.
In order to resolve this ambiguity, Article 5 of the Regulation was amended to include a comprehensive definition of commercial electronic messages. According to this Article 5, commercial electronic messages are further defined as “messages sent to electronic communication addresses of recipients, for the purpose of promoting or advertising a product, service or business, and/or to increase the reputation of a such through content including a greeting or wish”. Therefore, any electronic message that falls within the scope of this definition shall be deemed as a commercial electronic communication and use/submission of such shall be subject to the prior approval of the relevant recipient.
As noted above and as stipulated by Article 6 of the Law, prior consent of the relevant recipient is required in order to send commercial electronic messages to a specific recipient. This consent can be obtained via any electronic communication medium as well as in written form. However, it is also important to consider that the Personal Data Protection Act No. 6698 (PDPA) and the Law have conflicting provisions regarding the consent required from the recipients. This conflict between the two laws became even more palpable following the Data Protection Board’s recent decisions. Thus, it is vital for service providers to comply with both the PDPA provisions regarding explicit consent and the provisions of the Law regarding prior approval when obtaining the approvals from recipients.
Electronic Message Management System & Obligation to Register
Even though the rules and procedures for the use of commercial electronic messages are clearly designated at the Law and the Regulation, the regulators observed that these rules failed to make the desired impact in practice, as the recipients often lost track of their approvals given to service providers, and the service providers continued to exploit this confusion and kept on sending CEMs to recipients without approvals. To overcome these issues and to ensure that the service providers comply with the regulations, a new electronic system, the Electronic Message Management System (EMMS), aiming to centralize marketing contents, was introduced with the recent amendments to the Regulation.
This EMMS can be summarized as a national approval registry, similar to the National Customer Preference Register (also known as Do Not Call/Disturb Registry). The system aims to collect all CEM approvals in a single database accessible both by the service providers and the recipients, allowing the recipients to easily view and manage their approvals provided to various service providers. It also allows the recipients to file complaints against unlawful CEM usage by any service provider.
In order to allow the recipients to easily check, verify and manage their approvals through the system and for the system to be a national database for such approvals, the amendment to Article 5 of the Regulations implemented a mandatory registration process for all service providers that uses commercial electronic messages. Accordingly, service providers are required by the legislation to register to the system and upload all approvals they obtained from recipients into the system, in order to be able to send CEMs to the relevant recipients. Any CEM usage towards a recipient without a valid approval registered in the system shall be unlawful as per Article 5/3 of the Regulation.
Definition of Service Providers and the Applicability of the Requirement to Register to the Electronic Message Management System
The phrase “service providers” caused a somewhat confusion amongst those that wish to use CEMs to promote their products, businesses or services, which led to some of them to wrongfully believe that this requirement to register did not apply to them. The reason for this confusion arises from the definition of service providers stated in the Regulation which defines it as “natural or legal persons who are conducting electronic commerce activities”. Although it is possible to interpret this definition in such a way to assume that this requirement will not be applicable to those who do not conduct any electronic commerce activities, Article 5/2 of the regulation expands the scope of applicability even further by stating that registration to EMMS shall be mandatory to all individuals and legal persons who want to use/send CEMs.
Thus, all individuals and companies that want to use/send commercial electronic messages to their customers’ electronic messaging addresses for the purposes of promoting, advertising or otherwise increasing the reputation of their business, product, service and/or brand, including messages that include celebratory content, greetings and/or wishes, shall be required to register to this Electronic Message Management System and shall also be required to upload any approvals they have already obtained from any recipient. Any individual or company that fails to register to the system or unlawfully uses CEMs towards any recipient without an approval registered in the system may be liable to administrative fines based on the Law and the PDPA.
The deadline for mandatory registration to the EMMS was initially determined as May 31, 2020. However, due to the Covid-19 outbreak and the adverse effects it had over the businesses and the interruptions in daily life, this deadline was recently extended until August 31, 2020. Accordingly, service providers are required to finalize their registration into the Electronic Message Management System and upload any and all approvals they have already obtained from recipients into the system on or before August 31, 2020.
Validity of Approvals Obtained Prior to Registration
The Electronic Message Management System will provide a much-needed improvement in managing approvals given for electronic communication. Accordingly, this national and centralized system will allow for service providers and recipients to manage the approvals with ease, and it also simplifies the obligation of the service providers to record and track approvals (opt-in) or rejections (opt-out). Although the system will have numerous benefits once it is established, service providers are unsure whether they will be allowed to continue to send CEMs to recipients who have already provided their approval prior to the registration into the System.
It should be noted here that the Regulation is quite clear about the procedures for such prior approvals. As mentioned above, service providers are required by the Law and the Regulation to finalize their registration into the EMMS and to upload all approvals they have already obtained from recipients into the system on or before August 31, 2020. Once these prior approvals are uploaded into the system, the recipients will have until December 1, 2020 to check, verify, and/or cancel any of their approvals via the system. If the recipients do not cancel/revoke one or more of their approvals within the give time period, then any approval that is not cancelled/revoked shall be deemed to have been accepted by the relevant recipient and the service providers can lawfully continue to send CEMs to them. As a result, if the service providers fail to upload the prior approvals into the Electronic Message Management System, or if the recipients revoke their approvals via the system on or before December 1, 2020, service providers will be required to cease all commercial electronic message submission to those recipients.