Regulations with Data Export Limitations Bring Singapore's Data Privacy Law into Force

(2014) 130 Privacy Laws & Business International Report, 1-4

UNSW Law Research Paper No. 2014-60

4 Pages Posted: 31 Oct 2014 Last revised: 19 Jul 2015

See all articles by Graham Greenleaf

Graham Greenleaf

University of New South Wales, Faculty of Law

Date Written: August 30, 2014

Abstract

On 2 July 2014, the data protection provisions of Singapore’s Personal Data Protection Act 2012 (PDPA) came into force, following an 18 month transition period for companies to prepare for compliance. To complete the process, the Personal Data Protection Regulations 2014 (PDPR) were made on 15 May 2014.

This article considers the most important aspects of the Regulations, which concern personal data exports. Singapore’s approach is very thorough and not easily classified – it is sui generis. The Act requires that data exports should only be to recipients bound by legally enforceable obligations comparable to those found in Singapore, and also includes some elements of extraterritoriality. Regulation 10 specifies that ‘legally enforceable obligations’ may include laws, contracts, binding corporate rules (BCRs) or ‘any other legally binding instrument’. It probably gives individual data subjects few opportunities to protect themselves against unprotected exports, unless an export becomes publicly notorious. However, it does impose obligations on companies which, if not observed, could result in PDPC enforcement action if something goes badly wrong.

Other aspects of how the PDPA is being brought into force are also explained, including regulations concerning deceased persons, various draft Guidelines, and exemptions promulgated by the Monetary Authority of Singapore which illustrate a major weakness of the PDPA. They have a common feature that businesses involved with Singapore need to be aware of considerable regulatory detail or there are considerable risks involved.

Keywords: data protection, privacy, Singapore, Asia, BCR, binding corporate rules, data exports

Suggested Citation

Greenleaf, Graham, Regulations with Data Export Limitations Bring Singapore's Data Privacy Law into Force (August 30, 2014). (2014) 130 Privacy Laws & Business International Report, 1-4, UNSW Law Research Paper No. 2014-60, Available at SSRN: https://ssrn.com/abstract=2516735

Graham Greenleaf (Contact Author)

University of New South Wales, Faculty of Law ( email )

Sydney, New South Wales 2052
Australia
+61 2 9385 2233 (Phone)
+61 2 9385 1175 (Fax)

HOME PAGE: http://www2.austlii.edu.au/~graham

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
217
Abstract Views
1,901
Rank
216,545
PlumX Metrics