Opening remarks

1. A very good morning, good afternoon and good evening to all. 

2. I would like to extend a warm welcome to everyone participating in the 53rd Asia Pacific Privacy Authorities (APPA) Forum. The past few months have been a challenging period for all, and I hope that you are keeping healthy. 

3. Singapore is hosting the APPA Forum during extraordinary times, as many countries are still in the midst of battling the COVID-19 pandemic. We have had to adjust and organise a virtual forum instead, a first for APPA, but I am heartened by the strong turnout from various locations, across different time zones. It is evident that the current pandemic has not dampened our cooperation and commitment to data protection and privacy. 

Complex interplay between data protection and data innovation

4. Technology and data have helped in our fight against the pandemic. The importance of making effective use of data while at the same time observing good data protection practices is now part of the public consciousness. 

5. Organisations have a role to play in various COVID-19 response measures, assisting in contact tracing and ensuring a safe work environment for employees who have to go to the work place. At the same time, they face increased risks of data and cybersecurity incidents when the majority of employees are working from home. Several data protection regulators such as Hong Kong’s Personal Data (Privacy) Ordinance (PDPO), the Chair of European Data Protection Board (EDPB) UK ICO and PDPC included, have published advisories to provide guidance to organisations . We have dedicated time at this Forum to discuss COVID-19 issues. I look forward to hearing from my fellow APPA Members on how you have responded to data protection and privacy challenges arising from COVID-19. I also plan to share about PDPC’s role in supporting Singapore’s national response.

6. Someone famous once said that we should not let a good crisis go to waste. COVID-19 has been more effective than CEOs, CIOs and even governments in accelerating digitalisation of our economy. COVID-19 has validated the need for all businesses to be omni-channel, developing an online channel in addition to brick-and-mortar storefronts. While shops in retail malls and heartlands had to close, those who were able to sell their products and services online could still do so. Many of us ordered meals and bought merchandise online, and these were delivered to our homes. When you sell online, your market is global and need not be domestic. This is why Singapore believes in accountable and trusted data flows across borders. 

7. On this note, I am pleased to announce that the PDPC has amended our Personal Data Protection (PDP) Regulations relating to “Transfer of Personal Data outside Singapore” (“Transfer Regs”). We now recognise the APEC Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) as transfer mechanisms in their own right. This important development allows organisations in Singapore to transfer personal data to an overseas recipient that is CBPR- or PRP-certified. Japan has also adopted the same approach. This means that personal data flows between Singapore and Japan companies within the APEC CBPR and PRP system can become seamless as more companies are certified. This is a message that we hope to bring to companies operating in our two countries in our joint workshops with Japan. 

8. The APEC CBPR and PRP network continues to expand. Domestically, we are working hard to promote take-up. CrimsonLogic was recently certified as our first APEC CBPR company and we have five more companies in the pipeline. We look forward to working with like-minded counterparts in Australia, Japan, Republic of Korea, Philippines and the United States to promote this network. At the same time, Singapore will work actively and constructively within APEC to continue enhancing standards and develop this as an effective framework for the Asia Pacific. 

9. Given the fragmented cross-border data flows landscape, Singapore recognises the need to promote interoperability between regional and international data transfer frameworks. We have been actively working within ASEAN to develop our Cross Border Data Flows Mechanism to facilitate data flows between ASEAN member states. The ASEAN mechanism built on the ASEAN Framework on Personal Data Protection, which references the APEC Privacy Framework. The ASEAN mechanism should therefore be interoperable with APEC CBPR and PRP systems. 

Conclusion

10. I believe many of you would agree with me that our role as data protection authorities has become more pertinent, but also more challenging, than before. The importance of this community of data protection authorities cannot be gainsaid. Meetings like this are important to building friendships, which carry on between formal meetings. We have had several bilateral conference calls to share knowledge and discuss common issues during this COVID-19 pandemic.

11. We have an agenda over the coming three days with an interesting range of topics, and I am briefed that many of us have raised our hands to speak. I am sure that we will be sharing candidly and I look forward to a lively discussion.