S'pore personal data protection law 'has bite'

SINGAPORE - The Singapore personal data protection regime has bite in more ways than one, said Ms Elizabeth Denham, Information and Privacy Commissioner of British Columbia, Canada.

Comparing the system here with that in Canada, which has been in place almost three decades before Singapore’s, she said: “There is stronger enforcement power in Singapore’s law.”

For instance, the data protection commissioner is able to fine rule breakers, whereas in Canada, only the courts can issue a fine.

The Singapore system also has a stiff financial penalty embedded in its legislation, providing a good deterrent to rogue behaviour.

“We don’t have monetary penalties embedded in our statutes,” said Ms Denham in an interview with The Straits Times on Friday.

The highest fine the Canadian courts have issued so far is $20,000, she noted.

In Singapore, however, the fine for violating general data protection provisions that protect consumers from inappropriate use and disclosure of their information goes up to $1 million.

Different democratic traditions in Singapore and Canada have also resulted in different approaches in regulating the public sector.

Privacy laws in Canada first came about to regulate the public sector. Laws governing the private sector started only 14 years ago. In contrast, Singapore government agencies are exempted from the new law passed in Parliament in October two years ago.

Minister for Communications and Information Yaacob Ibrahim had said government agencies are subject to their own set of rules on protecting personal data and these are sometimes more stringent than the new law – but these rules have not been made public.

But there are many similarities between the two systems. In fact, Canada was one of the regimes that Singapore referred to in the development of its Personal Data Protection Act (PDPA), which will be enforced from July 2.

For instance, an exemption in their Do Not Call Registries allows firms to send text and fax messages to existing customers without checking with the Registry. This is as long as customers are given an option to unsubscribe to the messages via the same channel.

Singapore’s Do Not Call Registry came into effect on Jan 2.

Ms Denham was in Singapore as a speaker at the 2nd Personal Data Protection Annual Seminar at Grand Copthorne Waterfront Hotel last Friday organised by the Personal Data Protection Commission, which administers the law.

She said that good regulators are “proactive” in investigating how new technologies may compromise consumer privacy.

While Singapore’s PDPA does not protect the general privacy of individuals, her advice to the regulator here is still to study and possibly lay down rules for the use of what she termed as “game changers for data protection”.

They are chiefly Google Glass, a computer prototype that lets wearers film what they see, and wearable surveillance cameras, which Singapore Police Force officers will soon trial.

This article was published on May 19 in The Straits Times.

Get a copy of The Straits Times or go to straitstimes.com for more stories.