PDPA vs Spam Control Act

One of the most frequently asked questions about the Personal Data Protection Act or PDPA guidelines is how it is different from the Spam Control Act. In this article, we will summarize the provisions of the PDPA guidelines and the Spam Control Act and show how they differ from each other.


The PDPA was implemented into full effect on the 2nd of July, the year 2014. It is a law that governs the collection, usage, and disclosure of personal data by all private organizations.

Specifically, it aims to do the following:

  • To protect the personal data of all citizens against the unlawful use of their personal information by private organizations and companies.
  • To make individuals aware of their right to be informed of why they need to give out their personal data and how organizations are making use of it. Plus, these individuals should also have the power to control how their personal data is utilized.
  • To improve Singapore’s competitive advantages for data hosting and management.
  • To strengthen Singapore’s image as a secure location for personal data management and storage.

Spam Control Act

The Singapore Spam Control Act of 2007 was launched to overcome the growing problem of spam messages in the country. The framework and substantive details of the Act were developed by the IDA or the Info-communications Development Authority of Singapore and the Attorney-General’s Chambers of Singapore in consultation with the public citizens.

Specifically, it aims to do the following:

  • To regulate unauthorized messages which are most often presented as commercial messages sent through email, multimedia messaging or mobile numbers.
  • To ensure that companies, organizations, and brands should take serious measures to protect and prevent their images from an unauthorized appearance in Spam.
  • To require the organizations to provide an unsubscribe facility together with the spam messages and include a header in the subject field of the message or where there is no subject field, as the first words in the message.

How are they different from each other?

Here are the key differences between equally important laws in protecting personal data.

  1. The Spam Control Act is in charge of managing the sending of spam messages. On the other hand, the PDPA implements the rules and regulations that cover the collection, use, and disclosure of personal data. This personal data includes the contact information and address of a specific person.
  2. The Spam Control Act can’t control the people who are being sent these spam messages but the PDPA allows individuals to opt-out of marketing messages from brands, companies, and organizations. This is because companies in Singapore are not allowed to send marketing messages to local mobile numbers unless they have acquired the consent to do so.
  3. Last but not the least, as mentioned beforehand, the PDPA covers the collection, use, and disclosure of an individual’s contact information. On the other hand, the Spam Control Act is in charge of the manner in which the spam message may be sent. These frameworks will operate concurrently.


Leave a Reply

Your email address will not be published. Required fields are marked *