Innocuous marketing messages or illegal spamming? Is your organisation compliant with Hong Kong’s anti-spam law?

Hong Kong’s anti-spam legislation, the Unsolicited Electronic Messages Ordinance (UEMO), came into force in 2007.  Recent activities by the regulator, the Office of the Communications Authority (OFCA), demonstrate the importance of compliance with the UEMO, not least in light of OFCA's recent statement that it is “committed to taking prompt and proportionate enforcement actions to enforce the UEMO”.

In June 2015, a court order was made in relation to inappropriate use of mobile messaging apps by a tutor referral service, highlighting that the UEMO does not only apply to traditional SMS/MMS, fax, voicemail or email marketing messages, but also messages sent through mobile apps (such as Whatsapp).  In January 2016, OFCA carried out a successful raid operation against the sender of commercial and promotional fax messages, following a suspected contravention of the UEMO. 

Organisation-wide familiarity with the UEMO is key to ensuring compliance and avoiding potentially hefty sanctions and reputational risks.

Hong Kong anti-spam law at a glance

The UEMO places restrictions on the distribution of unsolicited electronic marketing messages:

1. with a commercial purpose: ie whose purpose is to advertise, promote or offer any goods, services, business opportunities, or the sender organisation itself, in a commercial context
2. sent over a public telecommunications service – including pre-recorded voice messages sent to telephones, SMS or MMS text messages, faxes, emails or mobile apps (but does not include person to person telemarketing calls), and
3. that have a “Hong Kong link”.  A commercial electronic message (CEM) will be considered to have a “Hong Kong link” if: (i) it originates in Hong Kong; (ii) is received in Hong Kong (ie the sender or recipient is physically located in Hong Kong or is carrying on a business in Hong Kong, or the device used to access the message is located in Hong Kong, irrespective of whether the recipient is a Hong Kong resident or if the message is sent from another country if received inside Hong Kong); or (iii) is sent to a Hong Kong telephone or fax number (irrespective of whether the number is used in Hong Kong or has been roamed outside of Hong Kong).

Direct marketing through person to person telemarketing calls (cold calling) and hard copy promotional materials sent by post or by hand are not caught by the UEMO rules, notwithstanding calls in recent years to the Government to extend the rules. There are other exemptions, including: on demand or subscription services, and messages confirming an already agreed commercial transaction (such as invoice, delivery or upgrade messages).

To be lawful under the UEMO, a CEM must:

1. clearly identify the sender by including the specified contact information in the prescribed languages
2. clearly and conspicuously include an unsubscribe facility (which should be honoured by the senders within 10 days of receipt) and accompanying explanation in the recommended format. Note that the UEMO regime works on an opt out basis
3. not contain a misleading subject heading (if an email message)
4. not conceal the calling line identification number (if a telephone or fax message), and
5. not be sent to those who have signed up to the relevant “do not call” registers unless consent from the recipient is obtained.

The UEMO regime prohibits the use of “unscrupulous techniques” to expand the reach of CEMs, as well as fraud and other illicit activities related to the sending of multiple CEMs.

Contravention of the requirements under the UEMO may attract enforcement notices, fines and/or imprisonment, depending on the offence in question and whether or not a previous offence has been committed by the organisation.  Civil claims may also be brought, and companies as employers are vicariously liable for their employees’ and agents’ non-compliance with the UEMO.

Click here for a more detailed overview of the UEMO framework.

What does this mean to you as an organisation?

The recent raid operation serves as a timely reminder that organisations sending unsolicited electronic messages must take care to ensure compliance with the UEMO rules, and the court action last year reinforced its relevance to newer technologies such as messaging apps.  Therefore, as an organisation, it is prudent to:

1. take this opportunity to remind your employees and agents of the rules and how to comply with them when engaging in marketing activities
2. be extra careful when using automated systems to generate CEMs in particular to ensure you do not fall foul of the “do not call” registers, and
3. keep up-to-date with any developments and seek advice if there is uncertainty around the compatibility of new technology with the UEMO.  In particular, mobile app developers should consider carefully systems designs to prevent apps being abused by allowing users to send unsolicited commercial messages. 

Finally, alongside the UEMO regime, organisations should not forget the direct marketing rules set out in the Personal Data (Privacy) Ordinance when undertaking direct electronic marketing (i.e. marketing to specific individuals). (For an overview, click here.)