Singapore's New Data Protection Authority: Strong Enforcement Powers and Business Risks
Privacy Laws & Business International Report, Issue 121, February 2012, 14-16
5 Pages Posted: 16 Apr 2013
Date Written: 2012
Singapore’s Ministry of Communications and Information (MCI) has quickly brought into effect on 2 January 2013 the Personal Data Protection Act (PDPA) enacted in October 2012. This article analyses the enforcement aspects of the Act. The data protection principles in the Act are analysed in http://ssrn.com/abstract=2212608.
The structure and functions of the Personal Data Protection Commission are explained, and why it is not as an independent statutory authority. The article examined the various methods of dispute resolution at its disposal; avenues of appeal; the extent of transparency of the complaint and appeals processes and the advantages and disadvantages of this; and the remedies available, including through the courts as well as the Commission. The vicarious liability of employers for breaches and the personal liability on company officers for offences give non-compliance an unusual level of risk.
The article concludes that although the standards for compliance with Singapore’s Act may not turn out to be very high, and it has exemptions of sweeping and partly unknown scope, that Act appears to have a serious and multi-faceted ‘enforcement pyramid.’ It is a data privacy law which may have surprising results.
Keywords: data protection, privacy, Singapore, data protection authority, DPA
Suggested Citation: Suggested Citation