Home | Databases | WorldLII | Search | Feedback University of New South Wales Faculty of Law Research Series

Greenleaf, Graham --- "Singapore’s new Data Protection Authority: Strong enforcement powers and business risks" [2013] UNSWLRS 25

Last Updated: 18 April 2013

Singapore’s new Data Protection Authority: Strong enforcement powers and business risks

Graham Greenleaf University of New South Wales

This paper is available for download at Available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2251284

Citation

This paper was published in Privacy Laws & Business International Report, Issue 121, February 2012, 14-16. This paper may also be referenced as [2013] UNSWLRS 25.

Abstract

Singapore’s Ministry of Communications and Information (MCI) has quickly brought into effect on 2 January 2013 the Personal Data Protection Act (PDPA) enacted in October 2012. This article analyses the enforcement aspects of the Act. The data protection principles in the Act are analysed in <http://ssrn.com/abstract=2212608> .

The structure and functions of the Personal Data Protection Commission are explained, and why it is not as an independent statutory authority. The artice examined the various methods of dispute resolution at its disposal; avenues of appeal; the extent of transparency of the complaint and appeals processes and the advantages and disadvantages of this; and the remedies available, including through the courts as well as the Commission. The vicarious liability of employers for breaches and the personal liability on company officers for offences give non-compliance an unusual level of risk.

The article concludes that although the standards for compliance with Singapore’s Act may not turn out to be very high, and it has exemptions of sweeping and partly unknown scope, that Act appears to have a serious and multi-faceted ‘enforcement pyramid’. It is a data privacy law which may have surprising results.