個人資料保護辦公室

Gabinete para a Protecção de Dados Pessoais

Office for Personal Data Protection

Complaint Case Notes
Print

No: 0045/2012/IP

Title: Sending promotional messages

Reason: Complaint and report

Brief:

    A number of citizens reported that they received promotional messages sent by mobile App W.   The entities being reported included Company K, X, Y, which sent out messages to promote their courses, and others that sent out other types of promotional messages. 
  Their legitimacy in sending out these messages was questioned; after the recipients refused receiving, the messages still continued. In the current case, the course that Y organized aimed at teaching students to use the personal data of a third party to send out promotional messages.  The citizens believed that they had violated the Personal Data Protection Act, or PDPA, and therefore they filed a complaint with the GPDP (Office for Personal Data Protection).
  (Note: another nine cases were also combined into the current case)

Analysis:

    In Bureau L’s reply, A, B and C were the shareholders of Company K.  Later, C sold his shares to N.
  The complaints suspected that, Company K, A and B, as well as the entities that sent out the course promotional messages and other messages did not establish legitimacy for their messages.   In addition, these messages revealed that they were either sent by numbers of Mainland China or by the App W accounts that registered with local numbers.
  In regard the users of the App that registered with Mainland numbers, the GPDP does not have the legal competence to investigate their account identities.  But the user accounts that registered with a local number were not registered with the local telecommunications authority.
  X confessed that he used number X to send out the messages, but pointing out that they were sent, personally, to his friends, and were before the establishment of Company K.  The complainants pointed out that they did not know X, however, it was difficult for the GPDP to confirm their personal relationships.  Moreover, no information specified that X obtained the complainants’ number illegally.  If the current case was a situation of Article 3(2) of the PDPA, then this Law was not applicable.
  Y confessed that once he had asked his friend, who was in China, to send out the messages to promote the course.  The databases that contained the recipients’ numbers located in Mainland China, where was the messages sent out as well.  Y, himself, did not retain any numbers of the database nor sent out the messages himself.  At that time, Y, therefore, was processing the data as a natural person and the whole process of the processing (including the respective database, location where the messages were sent out and the place where the processing took place) did not take place in Macao, which made the GPDP has no competence to follow up.
  Some of the complaints pointed out that even their rights to object was exercised, they kept receiving the messages, which showed that their right to object, as laid down by Article 12(2) of the PDPA, was not respected.  Since at present it is not possible to prove the said messages were sent out by the complainees and the messages were sent out by different app accounts, which registered with different numbers, it was impossible to justify that the messages were sent out by the same entity despite they were of the same content.  As consequence no evidence supported that that the right to object was not satisfied.
  Y pointed out that while he was teaching the course, he was cooperating with someone to obtain the customer databases of others.  In fact, it was impossible for the GPDP to confirm the course content, and whether obtaining others’ databases through cooperation was contravening the PDPA has to be analyzed with the cooperation details, like the mode of cooperation or how the cooperation took place.
  According to the screenshots provided by the complaints to the GPDP, the messages mentioned Company K’s activities, promotions of other products or services, etc., which were commercial text messages.  The involved parties might have violated the terms and conditions of App W, which specified that “I agree that…this will not be used for commercial purposes”.  After the GPDP contacted the company of App W in US for a number of times, cooperation mechanism has been established.  In future if complaints of the same nature are received, the messages will be referred to Company C to handle.
  To sum up, no evidence available supported that there existed violations of the PDPA.

Result:

    The GPDP has closed this case and informed each involved party the investigation outcome.

Reference:
Please refer to “Personal Data Protection Act”, articles 3, 4 and 12.

Back

Avenida da Praia Grande, N.º 804, Edif. China Plaza, 17.º andar, Macau Tel:(853) 2871 6006 Fax:(853) 2871 6116