What are the key email privacy laws in the APAC region?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
If your list has any APAC subscribers, you're likely dealing with multiple opt-in consent requirements. Unlike CAN-SPAM's opt-out model, most APAC laws require permission before you send.
Australia's Spam Act 2003 is one of the strictest. It requires consent (express or inferred from a business relationship) before sending commercial messages, accurate sender identification, and a working unsubscribe. ACMA (Australian Communications and Media Authority) enforces it actively with significant penalties. Singapore's PDPA (Personal Data Protection Act) requires consent for marketing and makes senders check a national Do Not Call Registry before sending. Japan's Act on Regulation of Transmission of Specified Electronic Mail requires opt-in for most commercial email, with additional provisions for mobile messaging.
India's DPDP Act (Digital Personal Data Protection Act, 2023) creates consent requirements with notice, purpose limitation, and individual rights for personal data processing. South Korea's PIPA (Personal Information Protection Act) requires explicit consent and has strict rules on cross-border data transfers, which can affect how you use ESPs that process data outside Korea.
APAC laws differ in their specifics, but they all lean toward opt-in. The safe practical approach: treat your entire APAC list as requiring consent and don't assume any commercial relationship counts as permission without checking the specific law. Australia and South Korea are the ones most likely to generate enforcement action.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.