An Overview to the Unsolicited Electronic
Messages Ordinance (“UEMO”)
To effectively contain and regulate
the issues regarding unsolicited electronic messages,
including those business-soliciting pretexts and
uninvited fax advertisements, the UEMO and the
Unsolicited Electronic Messages Regulations (“UEMR”)
were enacted in 2007 and came into force in two phases.
The first phase, concerning Part 3 of the UEMO (use of
unscrupulous practices to reach out to more recipients)
and Part 4 (fraud and other illicit activities in
relation to sending commercial electronic messages),
commenced on 1st June 2007. The second phase,
mainly concerning Part 2 of the UEMO on rules of sending
commercial electronic messages (e.g. the requirement to
provide sender information, to honour unsubscribe
requests as well as the do-not-call registers (“DNCs”)),
commenced on 22nd December 2007.
Scope of UEMO
The UEMO regulates the sending of
“commercial electronic messages” with a “Hong Kong
link”. “Commercial electronic messages” are defined as
electronic messages with purposes to offer or supply
goods, services, facilities, land, business opportunity
or advertise or promote a supplier of goods, services,
facilities, land, business opportunity etc, in the
course of or in the furtherance of any business.
A “Hong Kong link” refers to those
electronic messages which are:-
-
originated in Hong Kong
(i.e. sent off by someone physically present in Hong
Kong, or otherwise by a Hong Kong entity);
-
received in Hong Kong
(irrespective of nationality of the recipient);
or
-
sent to a Hong Kong
telephone or fax number (irrespective of whether the
number is being used in Hong Kong or has been roamed
outside of Hong Kong).
Exceptions are extended to certain
messages, including person-to-person telemarketing calls
and sound broadcasting or television programme services.
Compliance with UEMO when using commercial electronic
messages – perspective for the industry
Part 2 of UEMO governs the sending of
commercial electronic messages. While preparing the
contents of the message, senders should include the
sender’s information for potential recipients to
effectively identify who the senders are. The sender’s
information should be valid for at least 30 days after
the message is sent off. Senders should also provide
unsubscribe facility, in “clear and conspicuous manner”,
in which the senders should be capable of receiving
unsubscribe requests within 30 days after the message is
being sent off. The unsubscribe request should be
available free of charge and convenient for recipients
to use. The unsubscribe requests should be honoured
by senders upon 10 days of receipt and that record of
unsubscribe requests should be retained for at least 3
years.
Additionally, Part 3 of UEMO
prohibits the use of automated means or
address-harvesting software. In the course of preparing
a target address list, the sender shall ensure that:-
-
no
address harvesting software are used in
facilitating the sending of messages;
-
no
automated means should be used when obtaining
addresses (e.g. dictionary software in generating
potential emailing lists);
-
no
addresses are coming from a harvested list; and
-
no
messages are sent to addresses from which unsubscribe
request has been received, or which the electronic
address was listed in the DNCs.
Part 4 of UEMO provides a maximum
penalty of 10 years imprisonment for fraud and
illicit activities related to transmission of commercial
electronic messages. Senders should refrain from
initiating transmission of multiple commercial
electronic messages with intent to deceive or mislead
recipients or use falsified headers in the
electronic messages. Registrants who used information
that falsifies the identity of the actual registrant
would also attract criminal liability pursuant to
section 25 of UEMO. Under this part, multiple commercial
electronic messages denotes the transmission of more
than 100 commercial electronic messages during a 24-hour
period, or more than 1000 commercial electronic messages
during a 30-day period.
Management Responsibilities
The UEMO provides that employers and
principals are vicariously liable to acts done by their
fellow employees and agents. Any act done or conduct
engaged in by an employee shall also be treated as done
or engaged in by his employer as well as by him, in
disregard of the employer’s knowledge or approval.
Companies and organizations should bear in mind that any
act done or conduct engaged in by an agent or an
outsourced third-party will be treated as done or
engaged in by the principal.
Furthermore, the directors of the
company, partners in the partnership or officer in an
organization who is responsible for internal management
of the organization shall be presumed to have done the
act of the organization where the act done constitutes
an offence under the UEMO.
The Do-Not-Call Registers (“DNCs”) –
perspective of recipients
By registering his telephone or fax
numbers to the DNCs, the registrant has in effect opted
out from receiving further commercial electronic
messages at his telephone or fax number from all
senders. Senders are prohibited from sending further
commercial electronic messages to these registrants who
are listed in the DNCs for 10 working days or more,
unless they otherwise obtain specific consents from the
registers user of the telephone or fax number.
The Office of Telecommunications
Authority (“OFTA”) has set up three DNCs for Fax,
Short Message (for Short Messaging Service (SMS)
and Multimedia Messaging Service (MMS) messages) and
Pre-recorded call (for pre-recorded voice, sound,
video and image messages) respectively.
Currently there are no registers for
email addresses. Alternatively, an unsubscribe
request could be made and sent to electronic
messages senders so that no further messages would be
received from these senders. Senders are bound by law to
honour these requests and to cease sending off messages
10 working days after receipt of a request. The
unsubscribe requests must also be kept by individual
senders for a minimum period of 3 years.
Information obtained from the
unsubscribe requests or the DNCs should only be used for
compliance with the UEMO and UEMR. Those who fail to
comply with such requirement will be subject to penalty
under the UEMO, with a 5-year maximum term of
imprisonment.
Complaints and Penalties
Complaints and suspected breaches of
the UEMO and UEMR may be reported to the OFTA for
enforcement actions. The online report form is available
at the OFTA website
www.ofta.gov.hk/en/enq_help/uem.html. The OFTA is
responsible for the service of enforcement notice to the
relevant bodies should contravention of UEMO and UEMO be
discovered.
For first conviction of any
contravention under Part 2 (rules regarding sending
commercial electronic messages), there is liability for
a fixed penalty up to HK$100,000 which would be raised
up to HK$500,000 for the second and subsequent
convictions. For contravention of Part 3 provisions (use
of unscrupulous techniques in reaching out recipients),
there will be a fine of up to HK$1,000,000 and
imprisonment up to 5 years for conviction on indictment.
Contravention of Part 4 provisions (fraud and illicit
activities) attracts a maximum term of imprisonment for
10 years, for conviction on indictment.
