Keynote Address by Deputy Commissioner, Denise Wong, at IAPP Asia 2025, on 9 July 2025

09 Jul 2025

  1. Good morning everyone. A warm welcome, to more than 600 regulators, industry leaders, and data protection professionals from around the world, to this year’s Asia Privacy Forum and AI Governance Global Asia, held in conjunction with Singapore’s Personal Data Protection Week. What a week it’s been. Our theme has been “Data Protection in a Changing World”, and the IAPP’s changing role over the years has mirrored the development of digital responsibility as a profession. From modest beginnings, it has become the world's foremost professional body for those who work at the intersection of data and technology. So, as we celebrate its 25th anniversary, I’d like to offer three birthday wishes for the IAPP as it looks ahead to the next 25 years and beyond.  
  2.  The first wish is that it will continue to reinvent itself to meet a broader set of challenges than ever before. The IAPP’s role in equipping and convening privacy and AI governance professionals is as critical and relevant today as it was when it was first founded in the year 2000. And as the world continues to change, its role in helping data and AI governance professionals balance an increasingly complex and diverse set of demands has grown in importance.
  3. The inclusion of the AI Governance Global event in this year’s agenda is therefore timely, as the role of data protection and AI governance professionals continues to evolve. In an AI-powered age, data protection professionals are being challenged to go beyond being a compliance function to making data governance a business enabler. Proper management of data, including understanding its provenance and the scope of consent taken, unlocks more relevant and insightful application of that data, including for AI applications. And even as different geographies debate how best to manage societal risks posed by AI, AI governance professionals are expected to deliver forward-looking solutions that manage business risks while enabling innovation.
  4. As regulators, we play an important role in helping to support professionals through this change. By setting clear expectations of what ‘good’ looks like, we can help companies navigate a changing world. This is why Singapore has work to develop a set of practical standards and frameworks which help businesses build trust as they innovate. We have upgraded our Data Protection Trustmark to a national standard, aligned to international best practices. The launch of the Global Cross-Border Privacy Rules regime last month – of which we are the deputy chair – has created a certification framework for onward transfers of data. We have also launched a new Safety Testing Starter Kit for Generative AI as a practical tool which takes in insights from a Global AI Assurance Pilot launched earlier this year in Paris. We welcome companies and regulators to use our Starter Kit – it’s free for all – and provide feedback on how we can make this more useful.
  5. Our hope is that these standards, frameworks, and tools will support data protection and AI governance professionals with practical ways to anchor the value of their work and build trust with customers and internal stakeholders, even as the demands they face continue to grow.
  6. Even without a crystal ball – and I promise I don’t have one – it is clear that in the future we will continue to see increasing pressure for data protection and AI governance professionals to take on a broader set of challenges. So, my first wish is that the IAPP continues to reinvent itself as it has done so well over the last 25 years, to equip the community with everything that is needed to navigate these increasingly broad roles.
  7. My second wish is that as it grows older, the IAPP will help us all grow wiser – to deepen our understanding of technologies and our ability to use them to solve real-world problems. Being at the intersection of regulation, technology, and society, data protection professionals must stay ahead of a wide range of developments, and understand their implications for data protection.
  8. In this respect, technology is double-edged – creating new challenges and risks, as well as increasing the options we have for managing them. I believe I speak for all regulators when I say that we are keen to see a greater adoption of privacy enhancing technologies as a positive sum game – enabling innovative solutions which help organisations embrace innovation while protecting and respecting data subjects.
  9. This is why Singapore’s Infocomm Media Development Authority created a PET Sandbox to provide a safe environment for businesses to experiment with deploying PETs on actual use cases. At last year’s Asia Privacy Forum, I announced the Sandbox would be expanded to include 'data use for Generative AI', and since then, we have seen interest from companies.
  10.  Building on this approach, the IMDA has drafted a PETs Adoption Guide which includes a tool to help organisations identify and evaluate suitable solutions for their business needs, and an implementation checklist to walk them through the journey from initial evaluation to sustainable implementation. Our hope is that this guide will help data protection and privacy teams as they guide their organisations to harness PETs.
  11. For the AI governance professionals in the room, we have also created an AI Assurance Sandbox. This grew out of the Global AI Assurance Pilot which I mentioned was launched earlier this year by the IMDA and AI Verify Foundation at the Paris AI Action Summit, and this was to study ways of testing the reliability of generative AI applications. In response to strong industry interest, both in Singapore and internationally, the Pilot has now been developed into a full Sandbox, helping model deployers demonstrate the reliability of their solutions while enabling testers to refine their approaches under regulatory guidance.
  12. However, regulatory support is not enough for organisations to realise the potential of technology to enhance privacy. Data protection professionals will need deep expertise and understanding of how the various technologies work and which ones are most applicable to the particular challenge or situation at hand. Thus, the IAPP’s role in developing privacy technologists will be crucial in bridging this knowledge and expertise gap, allowing them to effectively harness the right technologies in their work.
  13. My third birthday wish is that the IAPP will continue to bring us together. This is the fourth year the IAPP is hosting the Asia Privacy Forum here in Singapore together with our Personal Data Protection Week, and it’s been heartening to see both events grow from strength to strength. Over the course of the week, we’re expecting 2,000 regulators, data protection professionals, and industry leaders from Asia and beyond. On that note – a special welcome to all who have travelled from around the world to be here, and in particular to the many data protection authorities present in the room from ASEAN and beyond, with whom we have had many fruitful conversations over the last two days.
  14. The conversations this week are all the more important given the diversity of regulatory approaches which we have seen in data protection, and the range of perspectives on AI governance or regulation that have begun to emerge. Having constructive and practical discussions which bring these views together will help us chart the way forward as a community.
  15. So, we in Singapore are honoured to support the important work of building bridges between the diverse perspectives on data protection and governance which are represented in this room. And I look forward to many more years of welcoming the data protection and AI governance community back to Singapore to continue the conversation.
  16. In conclusion, as we open IAPP Asia 2025, and celebrate the IAPP’s 25th anniversary, I am confident that it will be just as relevant 25 years from now. And as it does so, my three wishes – that IAPP continually reinvents itself in the face of increasingly broad demands, that it helps data protection professionals grow wiser by deepening our understanding of technology, and that it brings our global community together – reflect the great work it has done and continues to do to equip data protection and AI governance professionals to tackle the challenges ahead.
  17. And as it does so, Singapore remains proud to partner with all of you to build a future where innovation and trust can flourish together. A future where we can build consensus around practical solutions despite our different starting points. A future which will be well served over the next few days, where we will establish new connections, learn from each other, and inspire collaborations that will shape the future of our profession and society as a whole.
  18. I look forward to building the future together with all of you, here at IAPP Asia 2025. Thank you.

Tags: