Opening Remarks by Commissioner, Mr Lew Chuen Hong, at DPO Symposium, on 24 May 2021

24 May 2021

1. Good morning everybody. It is really a great pleasure to be here with you today at our second DPO Symposium.

In the middle of difficulty lies opportunity

2. The world is weathering another flare-up in the ongoing COVID-19 pandemic. At the same time, our experience last year has shown that digitalisation helps us weather this storm a lot better. Businesses have stepped up their online presence and those who do so continue to function well even when the physical interactions are limited. In the silver lining, within the pandemic, has been the rapid expansion of our digital economy. It has therefore seen a rise in data collection and its use, data analytics, innovation, have become a lot more commonplace. 

Providing guidance in the digital economy

3. The PDPC would like to help businesses use that data responsibly to grow businesses, compete well, and to develop new products and services. The PDPA was amended to do just that. As of February this year, the PDPA was streamlined and requirements were clarified. We have introduced new exceptions that you can use to perform research, streamline business operations, and well as perform other legitimate uses.

4. In the panel later, you will hear from several companies who will be sharing their experience of how they have leveraged these exceptions to enable better innovation. We plan to provide more real examples for companies to learn from and to develop case studies and templates, so that businesses can learn how to responsibly innovate and develop new services, and we welcome all businesses to take part in this journey. 

Data breaches can be prevented

5. At the same time, better use of data also requires more emphasis to do so responsibly and to protect that data. The PDPA was also amended to make that much clearer. With mandatory notifications as well as enhanced penalties, the aim was to ensure companies do remain accountable for the data that they use. 

6. Over the past years, the PDPC has investigated more than 600 cases and issued more than 100 decisions. Many of these cases could have been prevented. In recent years, we have seen increasing amounts of issues related to ICT management and the failures to do so at that level. 

7. The PDPC therefore has identified the most common ICT gaps, as well as the corresponding good practices that organisations should put in place. We will be sharing more of these and how you can guard against these common types of data breaches as you perform your businesses. 

Establishing trust in global data flows

8. Looking beyond Singapore, the digital economy is one without boundary constraints. Cross border data flows are important to support global digital trade and e-commerce. The legislative frameworks on data protection vary with different countries, and at times this makes it challenging for businesses to do data transfers.

9. To ensure personal data can flow smoothly across borders, the PDPC is focused on building interoperability in data protection regulations through common standards and mechanisms. The predominant transfer mechanism in use around the world are contractual clauses, as they are the most flexible and recognised under all data protection systems.

10. Within ASEAN, Singapore plays an active role in capacity building and we have developed common mechanisms such as the ASEAN Model Contractual Clauses (MCCs) which perform this function. This is an important effort as the economies in ASEAN have many inter-dependencies, and the convergence of data protection laws will enable better cross border transfers of data by all the companies.

11. This Privacy Awareness Week also sees discussions on the ASEAN MCCs together with our partners from The Law Society of Singapore, as well as a session with our friends from the European Commission to examine how ASEAN MCCs and EU SCCs can pave the way for data transfers across different regions.

Conclusion

12. In conclusion, the PDPC aims to strike that continued balance. On one hand to foster an environment that makes it easy for businesses to work with and to innovate with data, but also one where protection and security are not taken for granted because it is only when there is trust in the overall data system can we fully benefit from the use of data. 

13. We look forward to working closely with the entire DPO community and thank you, I look forward to a fruitful week ahead.

Tags: