The Singapore government introduced a bill into parliament to amend the Electronic Transactions Act (ETA) (Cap. 88) (ETA) on January 4, 2021. The amendments set out in the Electronic Transactions (Amendment) Bill will be of relevance to the trade and commodities finance and fintech sectors as their primary object is to achieve recognition and equivalence
Singapore’s amended Personal Data Protection Act to come into force before year end
The Personal Data Protection (Amendment) Bill (Bill) was introduced and read for the first time in Parliament on October 5, 2020
The Bill proposes significant changes to Singapore’s Personal Data Protection Act 2012 (PDPA). The amendments seek to keep Singapore’s data protection laws up to date with evolving technology developments, as well as global regulatory…
Monetary Authority of Singapore publishes a “Consultation Paper on a Proposed New Omnibus Act for the Financial Sector”
The Monetary Authority of Singapore (MAS) published a “Consultation Paper on a Proposed New Omnibus Act for the Financial Sector” (the CP) on July 21, 2020. The CP sets out proposals relating to the expansion of supervisory powers by the MAS in a range of important areas, including (among others) additional powers to take enforcement…
Changes coming to Singapore’s data protection law
It has been eight years since the enactment of Singapore’s comprehensive data protection law, the Personal Data Protection Act 2012 (PDPA).
On May 14, 2020, a public consultation paper and accompanying Personal Data Protection (Amendment) Bill (Amendment Bill) were published, to solicit feedback on several proposed revisions to the PDPA.
The proposed changes are significant. Key amendments include:
- Increased financial penalties for contraventions of the PDPA
- Mandatory data breach notification
- Revised consent framework
- New data portability obligation
- Enhanced rules on telemarketing and spam
Continue Reading Changes coming to Singapore’s data protection law
Singapore’s data transfer rules amended to recognise APEC CBPR and PRP certifications
On 4 June 2020, Singapore’s Personal Data Protection Regulations 2014 (Regulations) were amended to specify that recipients of personal data located outside Singapore which are certified under the Asia‑Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR) System, would satisfy the cross-border data transfer requirements under Singapore’s data protection law.
The same outcome would be achieved if the recipient is a data intermediary (i.e., processes personal data on behalf of another), and is certified under the Asia‑Pacific Economic Cooperation Privacy Recognition for Processors (APEC PRP) System.
Continue Reading Singapore’s data transfer rules amended to recognise APEC CBPR and PRP certifications
Singapore proposes significant changes to its data protection law
The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation.
Key amendments proposed in the Bill include:
- Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher.
- Mandatory data breach notification to Singapore’s Personal Data Protection Commission (the Commission) and affected individuals.
- The timeline for notifying the Commission has been tweaked to within three calendar days from the day an organisation assesses that a breach is notifiable (this was previously 72 hours).
- There will be regulations to prescribe the categories of personal data which, if compromised in a data breach, will be considered likely to result in significant harm to the individuals affected.
- The exceptions to notifying affected individuals are: (a) where remedial actions have been taken; or (b) where the personal data is subject to technological protection measures (e.g., encryption), such that the breach is unlikely to result in significant harm to the affected individuals.
- Please also refer to our earlier client alert here.
COVID-19 outbreak: Data privacy issue requirements on employee personal data differ in China, Hong Kong, and Singapore
On January 30, 2020, The World Health Organization (WHO) declared that the outbreak of novel coronavirus (COVID-19) is a “public health emergency of international concern.” This was, in part, an acknowledgement of the geographic spread of the virus and the need for intensified support for preparation and response, especially in vulnerable countries and regions. Further…
Novel coronavirus outbreak throws up data privacy questions for businesses in China, Hong Kong and Singapore
The World Health Organization (WHO) declared on January 30, 2020, that the outbreak of 2019 nCoV (novel coronavirus) is a “Public Health Emergency of International Concern.” Further information is available in the WHO statement. On January 31, 2020, the Centers for Disease Control and Prevention (CDC) in the United States also declared a public…
Singapore’s Personal Data Protection Act provides guidelines for handling national identification
Beginning on September 1, 2019, all Singapore private sector organizations will be banned from collecting, using or releasing all national identity cards, copies or their numbers unless required under law or deemed necessary to verify an individual’s identity. If organizations violate the rules under the Singapore Personal Data Protection Act 2012 (PDPA), they could face…
Singapore Personal Data Protection Commission Issues Advisory Guidelines on Key Concepts in the Personal Data Protection Act 2012
In February this year, the Singapore Personal Data Protection Commission (PDPC) launched a public consultation on proposed regulations and two sets of guidelines on key concepts and selected topics under the Personal Data Protection Act 2012 (No. 26 of 2012) (the Act). Following that consultation, the PDPC issued in September the final advisory guidelines on…