This FAQ, together with the summary of the relevant requirements of the UEMO, illustrations and advice, is for general reference only. Readers should refer to the provisions of the UEMO for a complete and definitive statement of the law.
Section 15, 16 and 17 of the UEMO prohibits the supply, acquisition and use of address harvesting software and harvested address list in connection with the sending of commercial electronic messages without the consent of the recipients. If the relevant distribution list is a harvested address list, the supplier will be liable under section 15 (for supply of harvested address list), while the telemarketer may be liable under section 16 and/or 17 (acquisition and/or use of the harvested address list). It is a defence for a party to prove that he has taken all reasonable precautions and exercised all due diligence to avoid the commission of the offence.
Even though the list supplier may have closed its business, section 60 of the UEMO provides that the director, officer or other person who, at the time of the offending act was done, was responsible for the internal management of the company/organization, can also be liable for the offending act. So even if the company of the list supplier ceases to exist, the relevant director of the list supplier may still be liable.
Section 9 of the UEMO stipulates that the unsubscribe facility must allow the recipient to be able to send an unsubscribe request to the individual or organization who authorized the sending of the message. So the starting point is that the party who authorized the sending of the message should be responsible. Nevertheless, the parties may have other commercial arrangements, such as the telemarketer outsourcing the whole promotional campaign to a supplier, and the liability may need to be considered in view of the contractual arrangement.
Both the employee and the employer may be liable. According to section 59(1) of the UEMO, any act done or conduct engaged in by an employee shall be treated (for the purpose of the UEMO) as done or engaged in by him as well as by his employer, whether or not it was done or engaged in with the employer's knowledge or approval. For possible defences, please refer to section 59(3) and section 59(4) of the UEMO respectively.
If the message is sent by one branch of an entity, the message should be considered as being sent by that entity. If the unsubscribe request is made by a recipient to only one branch of an entity, the unsubscribe request should be considered as being made to that entity and therefore the other branches of that entity should not send any further commercial electronic messages to that recipient.
Sometimes, the entity may provide options for the recipient to choose to unsubscribe from messages to be sent from its different branches. In the circumstances, that entity should at least provide an option for the recipient to unsubscribe from all commercial electronic messages to be sent by that entity or any branch of that entity.
May not be. Under section 59(3) of the UEMO, it is a defence for the telemarketer to prove that it has taken practicable steps to prevent the agent from contravening the UEMO. In determining whether practicable steps have been taken by the telemarketer, all relevant facts and evidence will be taken into account and considered by the CA on a case-by-case basis. Telemarketers are advised to take other practicable steps apart from just signing a contract (if there is any such step) in order to prevent the agent from contravening the UEMO.
Both you and your agent may be held liable. According to section 59(2) of the UEMO, any act done or conduct engaged in by your agent shall be treated as done or engaged in by him as well as by your company. You should therefore take such steps as are practicable to prevent the agent from breaching the UEMO.
The purpose of inclusion of the sender information is to allow the recipients to identify the senders who initiate the promotional activity. Normally "sender" of a commercial electronic message refers to the individual/organisation that promotes the product/service and not the individual/organisation which merely sends the message. In the cases where only the sending process is outsourced, it is expected that the organisation which authorises that sending of the message should be identified. However, there can be exceptions to this, for example, a reseller/an organisation who offers products (from another product supplier) to its own customers/members would need to provide its own information (instead of information of the product supplier) as the sender information in the message. Each case should therefore be judged on its own facts.
Section 13 of the UEMO requires that the sender shall not conceal or withhold the CLI of the sending number. There is no requirement in section 13 that the CLI should be the same as the number making the phone call. However, it should be noted that the sender is prohibited under section 24 of the UEMO from falsifying header information including CLI in multiple commercial electronic messages that have a Hong Kong link. In addition, according to section 8 of the UEMO and section 5 of the UEMR, the commercial electronic message must include the contact telephone number of the party who authorised the sending of the message.
In relation to the electronic address from which messages are sent, the UEMO prohibits:
Section 5 of the UEMR requires that the sender must include a contact email address in an email message, but it does not require that the contact email address must be the email account from which the message was sent out.
Under section 9(1) of the UEMR, an email message must provide an unsubscribe facility which is capable of receiving an unsubscribe request transmitted from the telecommunications device that is used by the recipient to access the email (e.g. an email address, a web page or a web address). However, the UEMR does not require that the email address serving as the unsubscribe facility must be the email account from which the message was sent out.
Section 5 of the UEMO has provided a definition of consent in relation to the sending of a commercial electronic message. The mere acquiescence to a statement in a message is not considered sufficient to infer consent. A positive indication by the recipient is required (such as pressing a consent button in a web page, sending a reply email/fax/SMS, etc.) before the sender can claim that he/she has obtained consent from the recipient.
In the circumstances that the recipient does not reply to the message (and therefore does not consent or object to receiving further messages), the sender is allowed under the opt-out regime to continue to send messages to the recipient until the recipient raises an unsubscribe request.
The definition of consent in relation to the sending of a commercial electronic message is given in section 5 of the UEMO. The issue of this question is whether consent can be reasonably inferred from the conduct of exchanging business cards and this must be determined on a case-by-case basis. However, here are two general examples to illustrate the concept of "reasonable inference". If an exhibitor displays a clear message on top of the name card collection tray, saying that they will send further product information to those who left their name cards, it may be reasonable to infer that consent has been given by the persons who left their name card to receiving further messages from the exhibitor. On the contrary, if the name card collection tray does not have such message, it may not be reasonable to infer that consent has been given by the persons who left their name cards (as these persons may simply want to receive free gifts by leaving their name cards).
Section 16, 17 and 18 of the UEMO prohibits the use of address-harvesting software or harvested address list or automated means to generate electronic addresses in relation to the sending of commercial electronic messages. If the database or part of the database is not created/collected from one of these sources, it would not be a breach of the UEMO. However, if you are not certain about the source of the electronic addresses, you should take reasonable steps to ensure to the database does not contain address from those contravening sources. Otherwise, you are encouraged to seek the consent of the registered user of the electronic addresses before sending further commercial electronic messages.