Update on proposed amendments to Singapore’s PDPA
Nov08

Update on proposed amendments to Singapore’s PDPA

Singapore’s Personal Data Protection Commission (PDPC) has today issued a response to the feedback received on its earlier public consultation on a new direct marketing act, a new enhanced practical guidance framework (EPG Framework) and a review of the exceptions to the consent obligation. A copy of the PDPC’s response can be found here. The PDPC’s response refines and clarifies some of its earlier proposals, taking into account the public feedback that was received. Outlined below are some of the key developments. The PDPC will clarify that the new direct marketing act: (A) will not apply to in-app notifications; (B) will also apply to unsolicited marketing and commercial messages sent via text but that include images, videos and audio files; and (C) will also apply to messages sent by senders who users have “followed” on a social media platform but from whom users may not wish to receive commercial text messages. The PDPC will institute a phased approach to the shortening of the mandated period for effecting a user’s withdrawal of consent for direct marketing calls. Such withdrawal period for phone calls under the Do-Not-Call provisions will be shortened from 30 days to 21 days initially, before being shortened to 10 business days in order to align with the withdrawal period for unsolicited marketing messages. The PDPC has confirmed that: (A) determinations under the EPG Framework will be available proposed business activities which have sufficiently detailed plans; and (B) that professional advisors will be allowed to seek determinations on behalf of organisations, and industry bodies will be allowed to seek determinations on behalf of their members. The PDPC will now impose a fixed validity period for all EPG Framework determinations, which will be decided on a case-by-case basis. What’s next? It is expected that the new Direct Marketing Act and EPG Framework provisions will now be drafted, although the timeframe within which these will be open to public consultation and tabled in Parliament is unknown. The PDPC’s response also suggests that further refinements to the exceptions to the Consent Obligation can be...

Read More
Singapore to form advisory council for ethical use of AI
Jun21

Singapore to form advisory council for ethical use of AI

Earlier this month, the Singapore Government announced the formation of an Advisory Council on the Ethical Use of Artificial Intelligence (AI) and Data as part of a wider push to support Singapore as a global hub for AI development and innovation. The council will be chaired by former Attorney-General VK Rajah, and will consist of representatives from technology companies and users of AI. What is the role of the Advisory Council? The Advisory Council will lead discussions and provide guidance to the Singapore Government on the responsible development and deployment of AI. It will work with key stakeholder groups on ethical issues arising from the use of AI. This will include working with industry to understand issues arising in the private sector; working with consumer advocates to understand consumer expectations in respect of AI; and working with the investment community to increase awareness of the need to incorporate ethical considerations in their AI investment decisions. Why is Singapore forming such an Advisory Council? AI is becoming an increasingly integral part of life in Singapore as the Government executes its “Smart Nation” initiative. For example, local bank OCBC has developed an AI-based automated chat system called Emma that can communicate with customers and work out home loans; scientists at A*star’s Genome Institute of Singapore are using AI to pinpoint the roots of gastric cancer by scanning the entire genomes of a few hundred gastric cancer tumours; and researchers from the Saw Swee Hock School of Public Health and Singapore’s National Environment Agency has developed an AI agent to forecast dengue incidence up to four months ahead by learning the seasonal patterns of dengue cases over the last decade. These are just a few recent use cases as, with top-down support from the Government, Singapore embarks on an effort to position itself as a global centre of excellence in AI. Putting in place the Advisory Council, as part of a wider set of initiatives in the AI space, is the start of an effort to build a framework for trust in AI. What does “ethics” mean in this context? In making the announcement, the Infocomm Media Development Authority (IMDA) provided its own definition of “ethics” in the context of AI: “Ethics encompasses issues surrounding fairness, transparency and the ability to explain an AI’s decision.” This is a concept that will no doubt develop in the coming years but by providing a definition and, in particular, emphasising a need for AI to be able to explain itself, the IMDA appears to be setting out in general terms what it considers to be “ethical” in the context of AI. What else is Singapore...

Read More
New direct marketing act and other proposed amendments to the PDPA
May30

New direct marketing act and other proposed amendments to the PDPA

Key takeaways Singapore’s Personal Data Protection Commission (PDPC) is proposing a new act on direct marketing that will combine the provisions in the Spam Control Act with the Do-Not-Call provisions in the Personal Data Protection Act (PDPA). The new act will also include some changes to streamline the regulations for all unsolicited commercial messages. A new Enhanced Practical Guidance framework has been proposed that will allow the PDPC to provide “determinations” with regulatory certainty on whether specific business activities are PDPA-compliant. A review of the existing exceptions to the consent obligation set out in the Second to Fourth Schedules to the PDPA will be undertaken, with a view to updating them for continuing commercial relevance. The deadline to submit comments on these proposals is 5pm on 7 June 2018. What you need to know about this Public Consultation On 27 April 2018, the PDPC released a Public Consultation Paper with a number of proposed changes to the PDPA. This Public Consultation follows in the wake of two recent public consultations conducted last year which dealt with proposed guidelines on the use of NRIC numbers, enhancements of the way in which data is collected, used and disclosed, and on the introduction of a data breach notification regime. We discuss some of the key proposals of this Public Consultation below. 1. New act to merge direct marketing regulations Unsolicited commercial messages are currently regulated under two Acts – the PDPA and the Spam Control Act (SCA). Presently, the SCA applies to electronic messages (i.e. email and text messages) sent in bulk, while the Do-Not-Call (DNC) provisions of the PDPA applies to marketing messages sent to a Singapore telephone number. The PDPC proposes to merge the SCA and the DNC provisions of the PDPA into a new act that will govern all unsolicited commercial messages, mirroring the approach taken in other jurisdictions such as Hong Kong and the United Kingdom. The new act will also introduce some additional changes including the extension the DNC provisions to all unsolicited marketing text messages sent to Singapore numbers (not just those sent in bulk) and by extending the SCA provisions to unsolicited messages sent through instant messaging platforms (e.g. WhatsApp and LINE). Amendments are also proposed to align the time period afforded to organisations to effect a withdrawal of consent or unsubscribe request from an individual. These changes are intended to reduce ambiguity for organisations in complying with different requirements when sending marketing messages. 2. New Enhanced practical guidance framework The PDPC proposes to introduce a new Enhanced Practical Guidance Framework to supplement the existing general advisory guidelines and guides it publishes. The proposed Framework...

Read More
Singapore’s new Cybersecurity Bill: What’s changed and what happens next
Jan18

Singapore’s new Cybersecurity Bill: What’s changed and what happens next

Singapore has taken a step closer to passing its first Cybersecurity Act. On 8 January 2018, Singapore’s first Cybersecurity Bill was read in Parliament. This Bill is an updated version, and was revised following a public consultation process on the initial draft Bill in July 2017. The government received 92 submissions from a diverse range of stakeholder groups, and the consultation was extended in response to requests for more time to provide feedback, reflecting the level of interest in this legislation. This updated Bill is a timely and important development in view of increasingly sophisticated cyber-attacks that could potentially cause major disruptions to Singapore’s economy. The intention behind this Bill is to have a coordinated national approach to cybersecurity, and ensure that critical information infrastructure (CII) across all sectors are protected consistently. We summarised the key provisions in the previous Bill in our earlier post. In this post, we summarise the key changes introduced by the updated Cybersecurity Bill: What has changed? 1.  Critical information infrastructure. This updated Bill tightens certain important definitions, and acknowledges that the owners of CII may not always be best placed to ensure that the statutory obligations are fulfilled. The key changes are as follows: Definition of CII. The definition of CII has been tightened and will only include those computer or computer systems that have been designated as such by the Commissioner. Definition of owners of CII. Owners of CII, who will need to comply with the relevant statutory obligations under the Bill, are now defined as legal owners (instead of someone with effective control over the CII etc.). The Cyber Security Agency of Singapore (CSA), in its end-of-consultation report, further clarified that computer systems in the supply chain supporting the operation of a CII will not be designated as CII, and therefore third party vendors will not be considered owners of CII. These are positive developments as there is now certainty over the imposition of statutory obligations. Responsibility for compliance. There is also now a mechanism for owners of CII to request the Commissioner to address the notice for compliance to another person under certain conditions (e.g. if the owner does not have effective control over the operations of the CII). This acknowledges that owners may not also be operators of the CII, and are hence not best placed to ensure that the statutory obligations are fulfilled. 2.  Government power to access data. Some of the responses expressed concerns about the government’s broad rights to access information and systems. However, the broad powers granted to the Commissioner to access physical and digital assets have, if anything, been increased further. Although the degree...

Read More
IMDA releases long-awaited proposed changes to the Films Act
Dec08

IMDA releases long-awaited proposed changes to the Films Act

  On 4 December 2017, the Info-communications Media Development Authority of Singapore (“IMDA”) released its long-awaited public consultation paper on the proposed changes to the Films Act (Cap. 107). Minister for Communications and Information, Yaacob Ibrahim, first indicated in January of this year that the government was looking to amend both the Films Act and Broadcasting Act to take into account changes in technology. One broad theme that emerges from the proposed amendments is the fact that the IMDA is focussing its regulatory efforts on the distribution and public exhibition of films. While changes are also proposed to include digital streaming technology under the regime, the emphasis on “public exhibition” indicates that IMDA is, for the purposes of the current consultation at least, taking a lighter-touch approach to regulating consumer-focussed over-the-top video streaming services. There are several proposed amendments, but this post sets out the four key proposals you should be aware of. Four key proposed changes Formalisation of co-classification scheme. Following successful trials in 2011 and 2015, IMDA now proposes to formalise its industry co-classification scheme. This scheme allows employees of industry players to register and be trained as film content assessors. These industry players will then be allowed to independently co-classify films up to the PG-13 rating through their film content assessors. Safeguards will be put in place to ensure the system is not abused, such as IMDA’s right to conduct sample audits of films that have been co-classified and penalties for misclassification. Introduction of video games class licence. Currently, video games are often submitted for classification by wholesale distributors. For video games classified as M18, point-of-sale requirements are attached to the classification certificate issued by IMDA (e.g. ensuring the games are not sold to under-aged consumers). The downstream retailers that sell the video games to consumers are often not made aware of these requirements, defeating their purpose. IMDA proposes introducing an automatic class licence scheme for retailers that sell video games on physical media (e.g. on DVDs) to make them directly responsible for complying with the point-of-sale requirements. The licence will be automatic with no registration required, and will not involve the payment of any licence fees. Clarification that the films licence is only intended to apply to the distribution and public exhibition of films. IMDA has clarified that its films licensing scheme is only targeted at the distribution and public exhibition of films and is proposing amendments to reflect this. Amendments will also be made to ensure that films publicly exhibited by means of streaming or other digital transmission are also included under this scheme. In determining what is a “public exhibition” requiring a licence,...

Read More
Transforming Singapore into a Technology-driven Global Financial Centre
Nov13

Transforming Singapore into a Technology-driven Global Financial Centre

On 30 October 2017, the Monetary Authority of Singapore (MAS) released an industry transformation map (ITM) for financial services that outlined an agenda for continuous innovation and technology adoption. As a law firm that combines a deep-seated funds and investment management expertise with a leading-edge technology practice, we would like to highlight the following takeaways from the ITM: 1. Leading fund and wealth management hub. MAS is working with the financial industry to develop a centre of excellence for wealth management technology and innovation. A significant part of this initiative would be using big data and artificial intelligence to counter money laundering in the region and maintaining Singapore’ reputation as a clean financial centre. This can be done by identifying unusual patterns of transactions across a network of entities and across times. Digital advisory services, where programs assist clients in deciding on investment portfolios, are also becoming more popular. The introduction of these new technologies are however not discrete, and are instead part of a larger transformation of the financial services ecosystem. 2. Technological innovations. MAS acknowledges that technology has changed the financial services industry, and it is crucial for our financial sector and regulations to transform in tandem. A key focus under the ITM is to facilitate innovation in the sector by encouraging the adoption of technology by financial institutions. For example, MAS will collaborate with financial institutions to create common standards such as for electronic payments, and electronic know-your-client checks. These will accelerate the adoption of technology by financial institutions which will ultimately benefit customers. The ITM reflects what is already happening in practice. We have noticed a greater convergence of fund and wealth management and technology, where fund and wealth management institutions are starting to invest in new technologies such as crypto-currency or blockchain technology. MAS, in turn, has also sought to boost the Singapore venture capital landscape with relaxed rules for fund managers (we recently wrote an article on this which can be accessed here). The ITM enforces this interaction and is a step in the right direction to encourage or enable more of such crossovers in future. Taking a step back, the ITM is part of wider ambition to create a Smart Financial Centre in Singapore, where technology is used pervasively in the financial services industry. MAS is taking a holistic approach to this transformation, by setting up an international advisory panel for cybersecurity matters. This ambition brings with it certain risks, and the advisory panel will bring global perspectives on evolving technologies and cyber threats and their implications for financial services. Overall, with the transformation of the way financial services are delivered, customers can...

Read More