sdecoret -

Singapore proposes data portability provisions

The Personal Data Protection Commission is seeking public feedback on proposed provisions that will let consumers move their personal data across organisations

Singapore is looking to introduce data portability provisions under its personal data protection regime in a bid to improve access to data that is necessary for businesses to deliver better personalised services and insights for consumers.

Under the provisions mooted by the Personal Data Protection Commission (PDPC), consumers would be able to request for their personal data to be moved across organisations, facilitating data flows and supporting data sharing both within and across sectors.

The PDPC said this would empower consumers with greater choice and control over the use of their data, and potentially reduce the costs for consumers to switch service providers.

For example, consumers could move records and important histories that affect how services are offered to them, such as transactional data of their loan or credit repayments or purchase histories.

Doing so will also addresses challenges faced by businesses in accessing more diverse data or larger datasets for use in emerging technologies such as artificial intelligence (AI) and the internet of things (IoT), the PDPC said.

Complementing the proposed data portability provisions are data innovation provisions that will allow organisations to use personal data for specific business purposes without consent.

The PDPC said this would encourage organisations to use such data to improve and develop innovative products and services.

Noting that data is a key enabler of digital transformation, PDPC’s deputy commissioner, Yeong Zee Kin, said “a balance must be achieved between data protection and business innovation”.

“We are taking firm steps to position Singapore as a trusted data hub in the global digital economy by seeking feedback on the proposed data portability and innovation provisions,” he said.

Besides Singapore, the European Union, Australia, India, Japan and New Zealand are planning to implement or have implemented similar provisions in their respective data protection regimes.

Read more about data protection in APAC

  • Find out what governments in APAC are doing to keep companies on their toes in securing personal data.
  • Singapore is planning to review its personal data protection laws to keep up with the changing technology landscape.
  • The Data Protection Excellence network will assist organisations and individuals new to data protection laws by providing hands-on training and professional certification courses.
  • Companies and data management experts across APAC reveal how they are tackling data management challenges that have been compounded by growing cloud usage and compliance requirements.

The PDPC has launched a public consultation exercise on the new provisions from today until 3 July 2019.

Separately, the PDPC has updated its guidelines to help organisations better deal with data breaches in view of the upcoming mandatory data breach notification rules. For example, organisations are recommended to notify the PDPC of data breaches affecting 500 people or more.

They should also conduct internal investigations and assess a potential data breach no longer than 30 days from the time they are aware of the breach. And if data breach notification thresholds are met, the PDPC should be notified no later than 72 hours after the assessment has been made.

Read more on Privacy and data protection

Data Center
Data Management