What are Asia-Pacific frameworks (Singapore, Japan, India)?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Three more countries to know if you're sending to APAC audiences.
Singapore's PDPA (Personal Data Protection Act) requires consent before you collect and use personal data for marketing. It also maintains a national Do Not Call Registry: if someone's number is registered, you can't message them even if you have other consent. Organizations in Singapore and those processing Singapore residents' data are both covered.
Japan's Act on Regulation of Transmission of Specified Electronic Mail requires opt-in consent for most commercial messages, with limited exceptions for existing business relationships. Japan also has specific rules for mobile messaging, and penalties can include criminal liability for individuals, not just corporate fines.
India's DPDP Act (Digital Personal Data Protection Act, 2023) requires consent for personal data processing with notice obligations, purpose limitation, and individual rights including access, correction, and erasure. The law is still developing implementing regulations, so some specifics are still being clarified. But the consent requirement is clear.
All three lean toward opt-in. If you're sending to any of these countries, treat them the same as Australia: don't send without consent, and don't assume a commercial relationship counts as permission without confirming what the specific law requires.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.