Home | Databases | WorldLII | Search | Feedback University of New South Wales Faculty of Law Research Series

Greenleaf, Graham --- "Singapore’s Personal Data Protection Act 2012: Scope and principles (With so many exemptions, it is only a ‘known unknown’)" [2013] UNSWLRS 10

Last Updated: 8 February 2013

Singapore’s Personal Data Protection Act 2012: Scope and principles (With so many exemptions, it is only a ‘known unknown’)

Graham Greenleaf, University of New South Wales


This paper is available for download at Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2212608

Citation

This paper was published in Privacy Laws & Business International Report, Issue 120, December 2012, pgs 1, 5-7. This paper may also be referenced as [2013] UNSWLRS 10.

Abstract

Singapore’s legislature enacted the Personal Data Protection Act on 15 October 2012, making it the tenth jurisdiction in Asia to enact a data privacy law. It is the fourth data privacy law enacted in the ASEAN (Association of South East Asian Nations) region. This article explains the scope of Singapore’s Act, and its data privacy ‘General Rules’.

Singapore’s Act now implements all of the OECD privacy guidelines (with very substantial exemptions and qualifications), and adds some extra protections. The complex provisions defining the scope of the Act, providing many exceptions, reveal some of its weaknesses as data protection. These exemptions make the scope of the Act a ‘known unknown’. Many aspects are quite balanced. While the Act exempts data intermediaries, it make data controllers vicariously liabile for their acts. Similarly, data exports may be allowed, but may also carry vicarious liability. The exceptions to the collection, use and disclosure principles are extremely extensive. The overall result appears to be a minimal version of a ‘normal’ data privacy law, but an Act that is more more holes than cheese.

The article will be followed in the next issue with an examination of the Act’s enforcement measures.