SPEECH BY PATRICK TAY TECK GUAN, MP FOR PIONEER SMC AT THE 2ND READING OF THE PERSONAL DATA PROTECTION (AMENDMENT) BILL ON 2 NOVEMBER 2020

SPEECH BY PATRICK TAY TECK GUAN, MP FOR PIONEER SMC AT THE 2ND READING OF THE PERSONAL DATA PROTECTION (AMENDMENT) BILL ON 2 NOVEMBER 2020

Mr Speaker, Sir, I declare my interest as a member of the Data Protection Advisory Committee of the Personal Data Protection Commission (“PDPC”).p

I rise in support of this Bill, which seeks to achieve the twin objectives of strengthening consumer confidence that their personal data will be used responsibly; and enabling organisations to confidently harness personal data for innovation, which in turn, would benefit our citizens and Singapore’s economy. It has been 8 years since the PDPA was enacted in 2012. The objective then was to provide a baseline standard for data protection in the private sector.

This Bill seeks to introduce, inter alia, the concept of organisational accountability, mandatory data breach reporting to the PDPC, new requirements for organisations to conduct risk assessments, a new data portability obligation to enhance consumer autonomy, a higher financial penalty cap, enhanced enforcement of the Do Not Call provisions and new exceptions and definitions of consent to facilitate the use and movement of data by organisations.

Undeniably, there will be some who will question the timing and impact of these proposed amendments. After all, we are only starting to see the effects of the COVID- 19 pandemic unravelling and facing a probable imminent global recession. These hamendments will necessitate changes in an organisation’s policies, systems and processes. With organisations already trying to cope with stretched resources and trying to avoid going belly-up, measures such as stiffer fines for data breaches, or making it mandatory for organisations to notify the PDPC may seem counterproductive. Nevertheless, I support the proposed amendments for the following reasons.

Opportunities in a Data-Driven Economy

These long-contemplated amendments are vital and tabled none too soon. As we have read in the news, e-commerce and tech companies are looking to expand or invest in Singapore, using Singapore as a launchpad for expansion, not only into the ASEAN region but globally as well. Singapore has hitherto taken steps to establish and position itself as a data hub. There is therefore no better time than the present, to refine our data protection regulations as we continue in our race to lead in a data-driven economy.

We must recognise and seize these opportunities; to ride the tech wave. Speaking also as the Assistant Secretary-General of the National Trades Union Congress (“NTUC”), the creation of job opportunities and the sharpening of Singapore’s innovation capability without question, would – and can only – be advantageous to our workers in this current economic climate. The refinement of our data protection framework and policies that support the growth of our digital economy is an essential element in our nation’s overall blueprint for the future and for continued growth. With our infrastructure and links to the region and the world, we are in a good position to ride the tech wave and to continue tapping and building on our potential and strengths.

Furthermore, data protection laws are still in an early evolutionary stage globally. These proposed amendments seek to bring our data protection laws in greater alignment with the global standard. Indeed, our aspiration is not just to keep up with data protection regulations like the GDPR. We have more than a fighting chance of becoming one of the leading authorities in data protection in the region and in the world.

For Consumers

At the same time, consumers are increasingly aware and concerned about the way their personal data is collected, used and shared. They demand for convenience, speed, personalised user experience, flexibility and at the same time, greater confidence and assurance in the way their personal data is safeguarded and used. I hope this set of changes will let consumers be assured in this respect. This is especially important in light of the latest compromise of 1.1 million user accounts of Lazada’s online grocery arm, Redmart.

Firstly, the framework for the collection, use and disclosure of personal data will be updated to enable consent to be sought when meaningful and necessary. Where consent is not sought, safeguards will be put in place for organisations to be held accountable for their practices.

For example, with the introduction of the notification with opt-out option, organisations will be able to obtain meaningful consent from consumers and use this data in new ways. However, organisations must first ascertain that there is no adverse effect on the individual before obtaining consent in this manner.

Even as businesses are given more scope to leverage data, consumers will still have flexibility and the ability to opt out if and when they so choose. Express consent will still be required for organisations to send direct marketing messages. Updates to the Spam Control Act and Do Not Call (DNC) provisions will allow consumers greater protection from unwanted communications across all direct communications platforms, i.e. voice calls, SMS, IM and emails. At the same time, with the new Data Portability obligation, consumers no longer need to worry about being locked-in to a single service provider and can easily switch to new services.

For Businesses

For businesses concerned with the increase in the limits of financial penalties – there is no cause for alarm, as this is targeted towards irresponsible organisations in the most serious cases. Similarly, the introduction of new offences is only intended for individuals who egregiously mishandle personal data, and not where employees are acting within the scope of their employment, or for data professionals, cybersecurity specialists, Artificial Intelligence engineers or researchers carrying out legitimate activities.

Clarifications

While I am supportive of the amendments to the Bill, I would be grateful if the Minister could address the following concerns:

? The costs and investment in complying with the new data portability obligation may be significant. Will organisations, especially SMEs, receive any assistance in this regard? Can the Minister share how MCI/PDPC plan to help reduce the compliance burden on organisations?

? The proposed amendments seek to remove the exclusion for organisations acting on behalf of public agencies from compliance with the PDPA obligations. Can the Minister elaborate on the impact of this amendment and how organisations acting as the data intermediaries of public agencies can be accorded protection in the performance of their tasks? Can such organisations reasonably comply with their obligations under the PDPA, given that public agencies (i.e. the principal) are not subject to the provisions of the PDPA?

? The proposed criminal offences against individuals for the mishandling of personal data have been drafted rather widely. Would the Minister be able to provide some guidance on when and how these provisions would apply?

Sir, clarifications notwithstanding, I stand in support of this Bill.

Naren N.

Strategic Analysis | Advisor | Board Member | Advance Technology Innovation | Global Top 100 Award | Global Network of 10,500 Most Impactful CxOs

4 年
回复
Naren N.

Strategic Analysis | Advisor | Board Member | Advance Technology Innovation | Global Top 100 Award | Global Network of 10,500 Most Impactful CxOs

4 年

Use of consumer data beyond the original intent and use for AI/ML downstream applications are areas of concern and I am looking forward to the related provisions...

要查看或添加评论,请登录

社区洞察

其他会员也浏览了