Photo of Charmian Aw

Last September the Singapore High Court heard a case relating to Singapore’s Personal Data Protection Act (PDPA). An individual had left his former employer, an investment company, to join a competitor firm. At this new firm, he sent an email to a client of his former employer’s, another individual, whom he had come to know

In Bellingham, Alex v. Reed, Michael [2021] SGHC 125 (Alex v. Reed) The Singapore High Court considered the loss or damage needed for a private action to be brought against an organisation for a breach of the PDPA. In particular, the court found that a mere loss of control over personal data, or emotional distress

The Personal Data Protection (Amendment) Bill (Bill) was introduced and read for the first time in Parliament on October 5, 2020

The Bill proposes significant changes to Singapore’s Personal Data Protection Act 2012 (PDPA). The amendments seek to keep Singapore’s data protection laws up to date with evolving technology developments, as well as global regulatory

The Monetary Authority of Singapore (MAS) published a “Consultation Paper on a Proposed New Omnibus Act for the Financial Sector” (the CP) on July 21, 2020. The CP sets out proposals relating to the expansion of supervisory powers by the MAS in a range of important areas, including (among others) additional powers to take enforcement

It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA).

On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA.

The proposed changes are significant. Key amendments include:

  1. Increased financial penalties for contraventions of the PDPA
  2. Mandatory data breach notification
  3. Revised consent framework
  4. New data portability obligation
  5. Enhanced rules on telemarketing and spam

Continue Reading Changes coming to Singapore’s data protection law

On 12 June 2020, Enterprise Singapore and the Singapore Standards Council launched Technical Reference 76: the first-ever guidelines to set out a national standard for e-commerce transactions. The standard is aimed at boosting the digitalisation of SMEs, as well as the burgeoning e-commerce sector in Singapore.

Technical Reference 76 serves as a practical reference for e-retailers and online marketplaces. The guidelines cover a wide range of functions, from the pre-purchase activities of browsing and selection, to purchasing and payment processes, as well as post-purchase fulfilment, delivery, product tracking, returns, refunds and exchanges. They provide best practices for businesses looking to develop and implement the necessary operational procedures, customer support, merchant verification controls, as well as processes to ensure that consumer-facing communications are clear and enable customers to make informed choices.Continue Reading Singapore launches national e-commerce standard

On 4 June 2020, Singapore’s Personal Data Protection Regulations 2014 (Regulations) were amended to specify that recipients of personal data located outside Singapore which are certified under the Asia‑Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR) System, would satisfy the cross-border data transfer requirements under Singapore’s data protection law.

The same outcome would be achieved if the recipient is a data intermediary (i.e., processes personal data on behalf of another), and is certified under the Asia‑Pacific Economic Cooperation Privacy Recognition for Processors (APEC PRP) System.
Continue Reading Singapore’s data transfer rules amended to recognise APEC CBPR and PRP certifications

Company investigations (whether self-initiated or required by regulators) generally require the collection, review, and analysis of data to identify documents and other materials that are relevant to the investigation. An investigation may result in the need to access sensitive personal data or, frequently, involve the review of other materials that happen to include personal data

The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation.

Key amendments proposed in the Bill include:

  1. Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher.
  2. Mandatory data breach notification to Singapore’s Personal Data Protection Commission (the Commission) and affected individuals.
  • The timeline for notifying the Commission has been tweaked to within three calendar days from the day an organisation assesses that a breach is notifiable (this was previously 72 hours).
  • There will be regulations to prescribe the categories of personal data which, if compromised in a data breach, will be considered likely to result in significant harm to the individuals affected.
  • The exceptions to notifying affected individuals are: (a) where remedial actions have been taken; or (b) where the personal data is subject to technological protection measures (e.g., encryption), such that the breach is unlikely to result in significant harm to the affected individuals.
  • Please also refer to our earlier client alert here.