Singapore seeks to introduce new data portability obligation
Jun04

Singapore seeks to introduce new data portability obligation

Key Takeaways  Singapore’s Personal Data Protection Commission (PDPC) released a public consultation on 22 May 2019 relating to data portability and data innovation under the Personal Data Protection Act (PDPA). The proposed data portability obligation would impose a mandatory obligation on organisations to provide an individual’s data at their request to another organisation in a commonly used machine-readable format. The proposed data innovation clarifications would exempt organisations from: (a) notifying individuals of and seeking their consent to use personal data for “business innovation purposes”; and (b) complying with the access, correction and proposed data portability obligations in respect of “derived personal data”. This PDPC is now seeking feedback on these proposals. The deadline to submit feedback is 3 July 2019. The proposed changes at a glance  Proposed Data Portability Obligation Who does the obligation apply to? All organisations to which the PDPA applies, except for data intermediaries. What is the scope of the obligation? Upon request from an individual, an organisation must provide the individual’s data in its possession or under its control to another organisation that has a presence in Singapore in a commonly used machine-readable format. This is subject to compliance with a prescribed process for dealing with such requests that includes verification of the request and allowing the individual to verify the data before it is ported. Please see the graphic below for more details. What data is subject to the obligation? Any data in electronic form: (i) provided by the individual to the organisation; and (ii) generated by the individual’s activities in using the organisation’s product or service. This is not limited to personal data and may include non-personal data, such as business contact information. However, personal data collected lawfully without consent (e.g. where authorised under the PDPA or other law) is not included. Are there any exceptions to the obligation? These would be the same as the exceptions to the existing Access Obligation, save for the exceptions where fulfilling the request would: (i) reveal personal data about another individual; (ii) reveal the identity of the individual who has provided the personal data and that individual does not consent to the disclosure of his/her identity. The data portability obligations must still be fulfilled in those situations. What are the penalties for non-compliance? The PDPC has the power to review refusals to port data, failure to port data within a reasonable time, and the fees imposed for porting data. Breaches of the proposed data portability obligation would be subject to the same penalty framework as the rest of the PDPA. Fig. 1 Handling Data Portability Requests: Key Obligations  Proposed Data Innovation Provisions PDPC is proposing clear...

Read More
The Hotel of the Future: Legal Considerations in Hotel Innovation
Oct17

The Hotel of the Future: Legal Considerations in Hotel Innovation

Imagine having your luggage checked straight to your hotel as you alight from your plane, and the next time you see it will be in your hotel room. Lugging of bags from the airport to the hotel may become a thing of the past. Or imagine using your phone to access your room as well as attractions, instead of having to juggle multiple access cards and tickets. This “Hotel of the Future” may soon be a reality, if the recommendations of Singapore’s Hotel Innovation Committee (HIC) are followed. The HIC was formed in February 2016 to oversee the industry’s adoption of innovative solutions, following the recommendations of the Hotel Industry Expert Panel Report. The HIC has released its Best Practices Guide for Hotels in July 2017, and they are currently evaluating submissions received for the Tourism Innovation Challenge for Hotels, a crowd-sourcing pitch exercise. In this post, we look at the opportunities that these developments bring for the hotel industry and comment on some of the key legal considerations for the “Hotel of the Future”, mapped to some of the HIC’s recommendations. The innovation opportunity The hotel sector is well positioned to reap the benefits that technology may bring, driven by rising demand from increasingly sophisticated travellers, and greater applicability of technology in providing a more seamless experience. Innovation will be fundamental in transforming the hotel sector towards productivity driven growth. This is especially important in light of the increased competition as seen in the rise in the number of hotel rooms in Singapore in recent years. Between 2012 and 2016, total available room nights rose by nearly 30% from 12,477,908 in 2012 to 16,161,862 in 2016, which dampened revenue by approximately 12% (average revenue per available room dropped from $226 in 2012 to $198.8 in 2016). Key legal considerations 1. Privacy and data protection – Responsible collection and usage of information As guests connect via a growing number of digital touchpoints, hotels will generate and collect more data than ever before, whether via wearable technology (for in-house payments, room access and even entry to attractions), targeted marketing (such as providing tailored sightseeing recommendations) or loyalty programmes. With all of this data comes the obligation to comply with data protection laws – including, in particular, the Personal Data Protection Act (PDPA). Organisations need to have robust processes and systems in place. Not only is compliance a legal requirement but it is also good business practice. Taking steps such as being transparent about data collection practices, obtaining appropriate consents and keeping data secure will be key to building a trusted relationship with guests in the Hotel of the Future. Our...

Read More