19 February, 2013
Legal News & Analysis – Asia Pacific – Singapore – TMT
1. On 5 February 2013, the Personal Data Protection Commission (“PDPC”) issued 3 consultation papers to seek public feedback on:
(a) the proposed regulations on personal data protection in Singapore (“Proposed Regulations”);
(b) the proposed advisory guidelines on key concepts in the Personal Data Protection Act 2012 (“PDPA”) (“Key Concepts Guidelines”); and
(c) the proposed advisory guidelines on the Personal Data Protection Act for selected topics (“Selected Topics Guidelines”).
2. This is the first public consultation exercise launched by the PDPC to consult on the Proposed Regulations and proposed advisory guidelines, which are expected to help organisations get ready for the phased implementation of the PDPA as it comes into effect from 2014. The PDPC has indicated that the Proposed Regulations and proposed advisory guidelines are intended to provide organisations and individuals greater clarity by elaborating on specific requirements, obligations and interpretations under the PDPA.
3. In relation to the Proposed Regulations, the consultation paper focuses on the positions relating to:
(a) the form, manner and procedures for making and responding to requests for access to or correction of personal data, including the period for such responses;
(b) the requirements to be complied with by organisations for the transfer of personal data out of Singapore; and
(c) the classes of persons who may act for minors or other individuals who lack capacity to act and the manner and extent to which any rights and powers of individuals under the PDPA may be exercised.
4. The PDPC envisages that the issues in paragraphs 3 (a) to (c) above, as well as procedural and administrative matters such as the form, manner and procedures relating to applications and complaints to the PDPC, will be contained in the Personal Data Protection Regulations.
5. Further, the PDPC has indicated that issues relating to: the form, manner and procedure for appeals to an appeal committee under the PDPA, the composition of offences under the PDPA, and various matters relating to the operation of the Do-Not-Call (“DNC”) registry are standalone matters likely to be contained in separate regulations. In addition, the PDPC has also indicated that it intends to consult on the regulations regarding the DNC registry around mid-2013.
6. In relation to the proposed advisory guidelines, the PDPC has issued two consultation papers: one on the proposed Key Concepts Guidelines, and the other on the proposed Selected Topics Guidelines. The PDPC has stated that the advisory guidelines issued by the PDPC are not legally binding on the PDPC nor on any other party, but are intended to indicate the manner in which PDPC will interpret the provisions of the PDPA, and to provide organisations with greater clarity on the provisions of the PDPA.
7. The proposed Key Concepts Guidelines elaborates on key concepts in the PDPA, including the interpretation of key terms such as the definition of personal data, the key obligations of organisations under the PDPA (including the obligations regarding the obtaining of consent for the collection, use and disclosure of personal data, and the treatment of existing personal data), as well as the DNC provisions.
8. The proposed Selected Topics Guidelines are intended to be read in conjunction with the Key Concepts Guidelines. Particular issues which may be of specific concern to businesses and the general public are explained in the Selected Topics Guidelines. These topics include analytics and research, the anonymisation of personal data, employment, NRIC numbers, and online activities. Further, the PDPC has also indicated that it will continually assess the need to issue guidelines in future on other topics to facilitate understanding and compliance with the PDPA obligations.
9. Interested persons are invited to submit their responses by 5pm on 19 March 2013. The public consultation documents may be accessed via the following links:
(a) PDPC consultation paper on Proposed Regulations on personal data protection in Singapore; and
(b) PDPC consultation papers on the proposed Key Concepts Guidelines and Selected Topics Guidelines.
10. We will continue to monitor developments in this area and provide further updates at appropriate junctures.
For further information, please contact:
Lim Chong Kin, Director, Drew & Napier