How should companies maintain their business ethics while using SMS communication with their customers, so as not to be penalized for breaking the law? For humanitarians at NPOs, are there guidelines to follow when using mass SMS for disaster relief missions? For the consumer, when SMS marketingturns into spam, what could you do to stop the nuisance?


For companies and business owners

Businesses that use SMS as a means of communication with their customers should observe codes of conduct of the industry, and abide by the personal data protection laws in their respective countries. Failure to comply with the regulations may result in a penalty in terms of fines and service suspension. The most fundamental aspects are obtaining user’s consent and providing an opt-out option.

Regulatory authority in Japan: Businesses using SMS broadcast are required to comply with the Act on Regulation of the Transmission of Specified Electronic Mail enforced by the Ministry of Internal Affairs and Communications (MIC), which specifies that consent must be obtained from the user, and the user must be provided with the option to opt-out from future communications.

Regulatory authority in Malaysia: Businesses who retain their customers’ personal data are required to comply with the Personal Data Protection Act 2010 (Act 709) enforced by the Department of Personal Data Protection, which specifies that consent must be obtained before an individual’s data can be processed and that in general personal data should not be transferred outside Malaysia. In addition to that, SMS and mobile contents are regulated by the Malaysian Communications and Multimedia Commission (MCMC), where the charges of the SMS must be stated. In the event of a free SMS sent to a customer, the text “RM0.00” must be stated at the start of the SMS.

In other parts of the world: The EU General Data Protection Regulation (GDPR), approved by the EU Parliament on 14 April 2016 and coming into effect on 25 May 2018, is making an impact on virtually all web-based services which collect and retain personal data from users in the EU countries. Organizations are required to inform users of how their data will be processed in simple and plain language when obtaining consent, provide an opt-out option, as well as notify users of data breaches.

For NPO humanitarians and disaster relief bodies

There are no hard and fast rules on the usage of SMS in disaster relief missions, however, due to the popularity of SMS in humanitarian efforts, such as in the Haiti earthquake in 2010, GSMA has since worked with a few organizations to draft a guideline on best conduct practices for disaster response. Some rules of thumb have been summarized as follows:

  • Don’t launch an SMS service unless you can act on incoming information

  • Make your SMS service simple to use

  • Allow users to “opt-in” and “opt out” easily

  • Make sure messaging is consistent across different SMS services

For consumers and individuals

In Japan: Mobile operators provide options for subscribers to report spam messages. NTT Docomo supports the report of spam messages, and spammers might face service suspension upon investigation. Softbank Mobile also supports the report of spam messages, as well as barring messages from overseas on certain phone models.

In Malaysia: MCMC mandates that the subscriber is allowed to opt-out, and advises the complaint procedure for the subscriber.


This post is part of a series on SMS communication for organizations, earlier topics include: reasons to adopt SMS, ways to use SMS to reduce operating cost and boost businesses, using SMS for public services, and using SMS for cybersecurity.

Ai Sin Chan

Ai Sin Chan


Joined April 2018. Trained and grew with telco engineers in 16 countries spanned over 4 continents, and written more than 10 manuals in the process. Spent a decade specializing in mobile technology. Crafts her creation with passion.