Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Back
LinkedIn Created with Sketch. Twitter Created with Sketch.
18 January 2024

Singapore: PDPC issues SGD 48,000 fine to Mobile Chat for breach of Consent and Purpose Limitation Obligations

ConsentFinesPrivacy Law PrinciplesTelecommunications and Electronic Communications

On January 17, 2024, the Personal Data Protection Commission (PDPC) published its decision in Case No. DP-2111-B9135, in which it issued a fine of SGD 48,000 (approx. $35,720) to Koh Wei Ming @ Muhammad Amin Koh (trading as Mobile Chat) for violation of the Personal Data Protection Act (No. 26 of 2012) (PDPA), following an investigation.

Background to the decision

In particular, the PDPC outlined that it received 1,391 complaints, between February 2020 and September 2021, from members of the public who received marketing messages, despite their numbers being registered with the Do Not Call Register (DNC Register). The messages were traced to 95 prepaid SIM cards purchased from Mobile Chat.

Findings of the PDPC

The PDPC found that Mobile Chat exploited the registration process of the SIM cards to use their customers' personal data without consent to register for additional prepaid M1 SIM cards that customers did not intend to purchase.

During the investigation, Mobile Chat admitted that the purpose was to earn extra money from the unauthorized sale of the preregistered SIM cards. In particular, PDPC highlighted that within the four years of selling such SIM cards to anonymous purchasers, Mobile Chat is estimated to have made a profit of approximately SGD 35,000 (approx. $26,050).

Moreover, the PDPC noted that the affected personal data collected and used by Mobile Chat to register the illicit SIM cards included the personal data of 73 individuals including the customers' names; their addresses; and their NRIC, FIN, or passport numbers. However, the PDPC highlighted that based on Mobile Chat's admission that they had sold an average of 250 prepaid SIM cards annually over four years, it is likely that the personal data of approximately 1,000 individuals was affected.

Based on the investigation the PDPC found that Mobile Chat breached:

  • the consent obligation under Section 13 of the PDPA; and
  • the purpose limitation obligation under Section 18 of the PDPA.

Outcomes

In light of the above, the PDPC imposed the abovementioned fine on Mobile Chat for the above violations.

You can read the press release here and the decision here.

Company

Our Policies

Your Rights

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.