SG Data Law Update Snubs Consent for Legit Business Uses

The recent amendments made to Singapore’s Personal Data Protection Act (PDPA) did not include user consent on how their data will be shared and used for “legitimate” business use, said ZDNet.

Singaporean Communications and Information Minister S. Iswaran said in a speech that information is important, as it is an essential asset in a digital economy. It is also used to gain insights that can help improve businesses and their products or services.

Pinset Masons noted that businesses can collect info for various purposes such as operational efficiency and improvements, development and betterment of offerings, and understanding customers.

SG Data Law Update

Iswaran also stated that it is essential in ushering in innovations such as artificial intelligence (AI) and other emerging technologies.

With the value offered by data, Iswaran believes that Singapore’s legislation should keep up with this need, especially as “a key node in the global network of digital flow and transactions.”

This is why companies are allowed to gather and use such info for various purposes such as business improvement and research under the amendments to the nation’s data privacy laws. This covered by the “exceptions to the consent” clause in the PDPA.

Moreover, under the so-called “deemed consent,” the PDPA also allows companies to share their customers’ information with partner organizations such as external contractors.

The PDPA, overseen by the Personal Data Protection Commission (PDPC), also underwent amending to ensure that its implementation remains true to the purpose of participating in a digital economy, complete with a multifaceted data collection.

Iswaran believes that legislation surrounding consumer info should be “built around trust,” as per ZDNet. Consumers must trust in the sharing and usage of their information, as they benefit from the developments brought forth by companies; use of their info.

The amendments to the existing law, which has been around since 2012, seeks to balance out the benefits and risks of info sharing and use. This is why the changes allow companies to harvest personal info, but only for legal purposes.

The collection of such info will be surrounded by protective and accountability measures. The amendments include strict financial penalties for breaches. The fines can go beyond the previous cap which is SGD 1 million.

New fines will be 10% of the company’s yearly turnover or SGD 1 million, depending on which figure is higher.

PDPC dealt with 158 breach cases last year, with 58 decisions. Thirty-nine organizations paid SGD 1.7 million.