Singapore’s Personal Data Protection Commission (PDPC) has embarked on a series of new initiatives as part of its efforts to develop a trusted data ecosystem in the Republic.
With an increase in data sharing activities in the digital economy, these initiatives will ensure that the data protection ecosystem stays up to date – allowing businesses to innovate and seize new opportunities while continuing to ensure that individuals’ personal data are well-protected.
The initiatives include:
- Launch of public consultation on PDPC’s review of the Personal Data Protection Act (PDPA) to keep pace with technology and global developments;
- Publication of a new guide to help organisations adopt best practices when sharing data;
- Plans to introduce a Data Protection Trustmark certification scheme by end 2018;
- Singapore’s Notice of Intent to participate in the Apec Cross-Border Privacy Rules System and the Apec Privacy Recognition for Processors System (APEC CBPR and PRP).
Encourage Innovation while Ensuring Robust Data Protection
The data protection landscape is becoming more complex, due to technology advances such as Internet of Things and Artificial Intelligence.
Large amounts of data are being collated, analysed and shared. Given the sheer volume of data transactions, it may not be practical or possible for businesses to seek consent at every instance of data collection or use.
There could also be instances where consent is not desirable or appropriate, such as for detection of fraud or security threats. There are also increasing concerns over potential data breaches and their impact on affected individuals.
It is therefore timely to review the PDPA to ensure that it stays relevant to current trends and developments, and continues to safeguard consumers’ interests and personal data, while still allowing businesses to leverage data to innovate.
PDPC will be seeking views on its proposals, through a public consultation from July 27 to Sept 21, 2017, on two key areas – proposed enhanced framework for collection, use and disclosure of personal data, and proposed mandatory data breach notification.
“Having a trusted and progressive personal data protection framework is integral to Singapore’s digital economy. Given the rapid advances in data-related technologies and business models, it is timely to review the Personal Data Protection Act to maintain the appropriate balance between safeguarding consumer interests and facilitating innovations around information sharing among organisations,” said PDPC commissioner Tan Kiat How.
Through this, PDPC hopes to change the way data protection is viewed among organisations, moving them away from seeing data protection merely as a compliance exercise to one where organisations adopt an accountability mindset and build trust with their customers.
Guide to data sharing
PDPC launched a new guide to help organisations identify the appropriate approaches for sharing personal data within and between organisations, while complying with the PDPA.
The guide also provides a framework for the PDPC to exempt particular data sharing arrangements from specific obligations under the PDPA.
DP Trustmark certification scheme
In a survey conducted in 2016, four out of five respondents agreed that the introduction of a Trustmark certification scheme would improve consumer confidence, particularly if certification is linked to a Government body.
Therefore, PDPC is developing a Data Protection (DP) Trustmark certification scheme and a series of resources aimed at encouraging organisations to be transparent and accountable in their data protection measures.
The resources will also help to facilitate locally-based organisations’ ability to exchange information across borders, while attracting more businesses to conduct data innovation activities in Singapore.
PDPC plans to consult the industry on the details of the DP Trustmark certification scheme in the third quarter of this year. PDPC aims to roll out the programme by end 2018.
Facilitate cross-border data flows
Singapore’s Notice of Intent to Participate in the Apec Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems
Singapore will participate in Apec’s Cross-Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems to strengthen confidence among businesses when sharing their data across borders.
Singapore has recently submitted its Notice of Intent to participate in the systems, which provide validation of businesses’ data protection practices. Certified organisations will be recognised by participating economies, and their data flows facilitated among organisations in the region.