The Singapore government introduced a bill into parliament to amend the Electronic Transactions Act (ETA) (Cap. 88) (ETA) on January 4, 2021. The amendments set out in the Electronic Transactions (Amendment) Bill will be of relevance to the trade and commodities finance and fintech sectors as their primary object is to achieve recognition and equivalence

The Personal Data Protection (Amendment) Bill (Bill) was introduced and read for the first time in Parliament on October 5, 2020

The Bill proposes significant changes to Singapore’s Personal Data Protection Act 2012 (PDPA). The amendments seek to keep Singapore’s data protection laws up to date with evolving technology developments, as well as global regulatory

The Monetary Authority of Singapore (MAS) published a “Consultation Paper on a Proposed New Omnibus Act for the Financial Sector” (the CP) on July 21, 2020. The CP sets out proposals relating to the expansion of supervisory powers by the MAS in a range of important areas, including (among others) additional powers to take enforcement

It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA).

On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA.

The proposed changes are significant. Key amendments include:

  1. Increased financial penalties for contraventions of the PDPA
  2. Mandatory data breach notification
  3. Revised consent framework
  4. New data portability obligation
  5. Enhanced rules on telemarketing and spam

Continue Reading Changes coming to Singapore’s data protection law

On 4 June 2020, Singapore’s Personal Data Protection Regulations 2014 (Regulations) were amended to specify that recipients of personal data located outside Singapore which are certified under the Asia‑Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR) System, would satisfy the cross-border data transfer requirements under Singapore’s data protection law.

The same outcome would be achieved if the recipient is a data intermediary (i.e., processes personal data on behalf of another), and is certified under the Asia‑Pacific Economic Cooperation Privacy Recognition for Processors (APEC PRP) System.
Continue Reading Singapore’s data transfer rules amended to recognise APEC CBPR and PRP certifications

The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation.

Key amendments proposed in the Bill include:

  1. Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher.
  2. Mandatory data breach notification to Singapore’s Personal Data Protection Commission (the Commission) and affected individuals.
  • The timeline for notifying the Commission has been tweaked to within three calendar days from the day an organisation assesses that a breach is notifiable (this was previously 72 hours).
  • There will be regulations to prescribe the categories of personal data which, if compromised in a data breach, will be considered likely to result in significant harm to the individuals affected.
  • The exceptions to notifying affected individuals are: (a) where remedial actions have been taken; or (b) where the personal data is subject to technological protection measures (e.g., encryption), such that the breach is unlikely to result in significant harm to the affected individuals.
  • Please also refer to our earlier client alert here.

On January 30, 2020, The World Health Organization (WHO) declared that the outbreak of novel coronavirus (COVID-19) is a “public health emergency of international concern.” This was, in part, an acknowledgement of the geographic spread of the virus and the need for intensified support for preparation and response, especially in vulnerable countries and regions. Further

The World Health Organization (WHO) declared on January 30, 2020, that the outbreak of 2019 nCoV (novel coronavirus) is a “Public Health Emergency of International Concern.” Further information is available in the WHO statement. On January 31, 2020, the Centers for Disease Control and Prevention (CDC) in the United States also declared a public

Beginning on September 1, 2019, all Singapore private sector organizations will be banned from collecting, using or releasing all national identity cards, copies or their numbers unless required under law or deemed necessary to verify an individual’s identity. If organizations violate the rules under the Singapore Personal Data Protection Act 2012 (PDPA), they could face

In February this year, the Singapore Personal Data Protection Commission (PDPC) launched a public consultation on proposed regulations and two sets of guidelines on key concepts and selected topics under the Personal Data Protection Act 2012 (No. 26 of 2012) (the Act). Following that consultation, the PDPC issued in September the final advisory guidelines on