First review of the PDPA since enactment in 2012.
Proposed amendments to the Personal Data Protection Act (PDPA) to address Singapore’s evolving digital economy needs, and related amendments to the Spam Control Act (SCA), were passed in Parliament in the first week of November 2020.
This is the first comprehensive review of the PDPA since its enactment in 2012, however since then there has been an exponential growth in the amount of data available globally, due to increased use of social media, online activities and increasing adoption of Internet-of-Things (IoT) technologies.
The PDPA has been amended to:
- Strengthen consumer trust through organisational accountability
- Enhance effectiveness of enforcement
- Enhance consumer autonomy
- Enhance data use for innovation
These amendments will strengthen consumer protection, while giving organisations the confidence to harness personal data for innovation, as data has become an integral part of society, economy, and lives, said S Iswaran, Minister for Communications and Information, Singapore.
“The volume of data is growing at an unprecedented rate. Today, Tera/Peta/Zetta bytes of data are being generated by ubiquitous IoT devices and sensors, our real and virtual world activities, and smart machines in manufacturing and supply chains,” he said. “The International Data Corporation estimates that the volume of data that will be created in the next three years will eclipse the total data generated over the past 30 years.”
The amendments aim to ensure that the PDPA continues to safeguard consumers’ interests in the Digital Economy, while keeping pace with technological advances and new business models. It also incorporates feedback received during extensive public and industry consultations conducted by the Ministry of Communications and Information and the Personal Data Protection Commission since 2017.
The PDPA has been updated to be aligned with, and benchmarked against, international best practices from other leading jurisdictions and global frameworks. This enables multi-national companies to adapt global best practices in their Singapore offices easily, minimising compliance costs and adjustments when Singapore-based companies expand into global markets.
Together, these amendments will support Singapore’s ambition to be an innovation and commercial hub. They strengthen consumer trust, provide further clarity to organisations when they use personal data to develop better products, offer more personalised services, and improve operational efficiencies.
According to the Minister data is also a key economic asset in the Digital Economy. Data analytics provide valuable insights that inform decisions, generate efficiencies, enhance products and services, and power innovation. It is a critical resource for emerging technologies like Artificial Intelligence, which hold much transformative potential.
“Our regulatory architecture must evolve and keep pace with these magnitudinal shifts,” he said. “For example, we have initiated Digital Economy Agreements to position Singapore as a key node in the global network of digital flows and transactions.
The proposed amendments to the PDPA are another step to ensure our legislative and regulatory regime is fit for purpose for a digital economy with a complex data landscape.”
Singapore’s “digital economy must be built on a solid foundation of trust,” noted the Minister.
“Consumers must have the confidence that their personal data will be secure and used responsibly, even as they benefit from digital opportunities and data-driven services,” he said. “Organisations need certainty to harness personal data for legitimate business purposes, with the requisite safeguards and accountability.”
According to the Minister businesses must recognise that this is in their self-interest. It is not just about complying with rules or regulations.
“At the end of the day, in a competitive domain,” he said. “Businesses will be able to differentiate themselves by their data policy, and they will be able to signal the quality of the institution by the kind of approaches they take to safeguard their customers’ data. So, they must be accountable and responsible, recognising ultimately that is in their self-interest.”