Can Singapore learn from the European Union in tightening data protection laws?

Abstract

Since the enactment of the Singapore Personal Data Protection Act (PDPA), the Singapore Personal Data Protection Commission has taken many organisations to task, which promotes a high level of confidence in the PDPA among consumers. That said, with the rapid advancement of technology such as cloud computing and the fact that most published breaches in Singapore involved small- and medium-sized enterprises, it is worthwhile examining how an effective data protection law such as the PDPA can be further developed to improve the trust that consumers have in the law, as well as the environment of trust between businesses and consumers. The paper also examines the need to establish a protected and consensual flow of personal data for commercial use in today’s globalised and digital economy. In this regard, the General Data Protection Regulation (GDPR) aims to increase consumers’ confidence and with accountability as the key underlying concept is a suitable reference. This paper will first discuss the need for professional data protection officers in Singapore with reference to the new requirements under the GDPR and the possibility of increasing accountability with the PDPA in doing so. Second, it will examine the possibility of creating extraterritorial rights under the PDPA to address the issue of globalisation and technological issues.