Photo of Carolyn Chia, Resource Law LLC

The Singapore government introduced a bill into parliament to amend the Electronic Transactions Act (ETA) (Cap. 88) (ETA) on January 4, 2021. The amendments set out in the Electronic Transactions (Amendment) Bill will be of relevance to the trade and commodities finance and fintech sectors as their primary object is to achieve recognition and equivalence

The Personal Data Protection (Amendment) Bill (Bill) was introduced and read for the first time in Parliament on October 5, 2020

The Bill proposes significant changes to Singapore’s Personal Data Protection Act 2012 (PDPA). The amendments seek to keep Singapore’s data protection laws up to date with evolving technology developments, as well as global regulatory

It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA).

On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA.

The proposed changes are significant. Key amendments include:

  1. Increased financial penalties for contraventions of the PDPA
  2. Mandatory data breach notification
  3. Revised consent framework
  4. New data portability obligation
  5. Enhanced rules on telemarketing and spam

Continue Reading Changes coming to Singapore’s data protection law

On 12 June 2020, Enterprise Singapore and the Singapore Standards Council launched Technical Reference 76: the first-ever guidelines to set out a national standard for e-commerce transactions. The standard is aimed at boosting the digitalisation of SMEs, as well as the burgeoning e-commerce sector in Singapore.

Technical Reference 76 serves as a practical reference for e-retailers and online marketplaces. The guidelines cover a wide range of functions, from the pre-purchase activities of browsing and selection, to purchasing and payment processes, as well as post-purchase fulfilment, delivery, product tracking, returns, refunds and exchanges. They provide best practices for businesses looking to develop and implement the necessary operational procedures, customer support, merchant verification controls, as well as processes to ensure that consumer-facing communications are clear and enable customers to make informed choices.Continue Reading Singapore launches national e-commerce standard

On 4 June 2020, Singapore’s Personal Data Protection Regulations 2014 (Regulations) were amended to specify that recipients of personal data located outside Singapore which are certified under the Asia‑Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR) System, would satisfy the cross-border data transfer requirements under Singapore’s data protection law.

The same outcome would be achieved if the recipient is a data intermediary (i.e., processes personal data on behalf of another), and is certified under the Asia‑Pacific Economic Cooperation Privacy Recognition for Processors (APEC PRP) System.
Continue Reading Singapore’s data transfer rules amended to recognise APEC CBPR and PRP certifications

The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation.

Key amendments proposed in the Bill include:

  1. Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher.
  2. Mandatory data breach notification to Singapore’s Personal Data Protection Commission (the Commission) and affected individuals.
  • The timeline for notifying the Commission has been tweaked to within three calendar days from the day an organisation assesses that a breach is notifiable (this was previously 72 hours).
  • There will be regulations to prescribe the categories of personal data which, if compromised in a data breach, will be considered likely to result in significant harm to the individuals affected.
  • The exceptions to notifying affected individuals are: (a) where remedial actions have been taken; or (b) where the personal data is subject to technological protection measures (e.g., encryption), such that the breach is unlikely to result in significant harm to the affected individuals.
  • Please also refer to our earlier client alert here.

Since coming into effect in 2014, Singapore’s personal data protection law has been active enforcing the law since its passing. The law applies to all organizations operating in Singapore, regardless of their size and the nature of their business. Companies that employ personnel in Singapore must take note of how Singapore data protection law applies

On January 30, 2020, The World Health Organization (WHO) declared that the outbreak of novel coronavirus (COVID-19) is a “public health emergency of international concern.” This was, in part, an acknowledgement of the geographic spread of the virus and the need for intensified support for preparation and response, especially in vulnerable countries and regions. Further

The World Health Organization (WHO) declared on January 30, 2020, that the outbreak of 2019 nCoV (novel coronavirus) is a “Public Health Emergency of International Concern.” Further information is available in the WHO statement. On January 31, 2020, the Centers for Disease Control and Prevention (CDC) in the United States also declared a public

Singapore’s Personal Data Protection Commission (PDPC) has announced that data breach notification will soon become mandatory in Singapore. However, not all breaches need to be reported. We have prepared this guide to aid businesses in understanding when, to whom and how to notify should they encounter a data breach.

As further guidance and details on the new requirements will be provided by PDPC in due course, we will follow up with an updated guide at the appropriate time.

What is a data breach?

 A data breach refers to any unauthorized access, collection, use, disclosure, copying, modification or disposal of personal data in an organization’s possession or under its control.Continue Reading An FAQ guide to data breach notifications in Singapore