The Personal Data Protection Commission (PDPC) yesterday introduced three new initiatives to facilitate the movement and use of data to support innovation, and to strengthen accountability among organisations.
The first being a public consultation to seek views on proposed data portability and data innovation provisions, as part of the review of the Personal Data Protection Act 2012 (PDPA) and a new Guide on Active Enforcement as part of its drive for organisations to shift from compliance to accountability; and an updated Guide to Managing Data Breaches 2.0, to help organisations manage and respond to data breaches more effectively.
These were announced by Deputy Commissioner of PDPC, Mr Yeong Zee Kin at the “Know Ahead to Stay Ahead – Leadership’s Engagement in Data Protection” session. The event, co-organised by the PDPC and Singapore Business Federation, and supported by the Law Society of Singapore, is part of Singapore’s week-long Privacy Awareness Week, a global initiative by the Asia Pacific Privacy Authorities.
Mr Yeong said, “Data is a key enabler of digital transformation, but a balance must be achieved between data protection and business innovation. We are taking firm steps to position Singapore as a trusted data hub in the global Digital Economy by seeking feedback on the proposed data portability and innovation provisions, as well as test bedding data breach notification measures.”
“The PDPC also recognises the importance of being responsive and agile in enforcing data protection in an environment of fast evolving data use, coupled with sweeping technological advances. Hence, the PDPC has converted its knowledge and experience in investigations to practical enforcement approaches in a Guide to Active Enforcement which businesses can refer to, and also updated the Guide to Managing Data Breaches.”
Data Portability and Data Innovation Provisions Public Consultation
Firstly, the PDPC launched its third public consultation under the ongoing review of the PDPA, to seek feedback and views on the proposed introduction of the data portability and data innovation provisions. This consultation builds on the data portability discussion paper launched in February 2019.
The proposed data portability provision will provide individuals with greater control over their personal data and enable greater access to more data by organisations to facilitate data flows and increase innovation, while the proposed data innovation provision makes it clear that organisations can use data for appropriate business purposes without individuals’ consent. Collectively, the proposals provide a balancedregulatory approach to empower consumer choice and support innovation in a Digital Economy.
This approach is aligned with a global push towards data portability, with jurisdictions such as the European Union, Australia, India, Japan and New Zealand either having implemented or planning to implement data portability in their respective data protection regimes. Such alignment is crucial to ensuring that the PDPA keeps pace with progressive global developments and go towards strengthening international recognition of Singapore’s data protection regime.