On September 13, 2011, the Singapore Ministry of Information, Communications and the Arts (the “Ministry”) published a Proposed Consumer Data Protection Regime for Singapore, outlining possible ideas for a data privacy framework and soliciting comments from the public. A few of the suggestions from the Ministry’s proposal that appear most likely to be reflected in a final data privacy law are outlined below.

  • The proposed framework would provide a baseline applicable to all private sector organizations, to ensure universal minimum standards for the protection for personal data.
  • More stringent protections that exceed the basic minimum requirements may be implemented for particular industry sectors.
  • Public sector organizations would continue to be bound by the existing framework applicable to them, and would not be subject to the new framework.
  • Disclosure of personal information, and possibly also collection and processing of personal information, would require the informed consent of individual data subjects.
  • The framework should be drafted so as to enhance and preserve Singapore’s status as an international business center and a principal location for global data management and processing services.

The Ministry also suggested that the new data privacy framework should not include specific consent requirements for sensitive personal data, though the legislature could impose such requirements through the enactment of industry-specific laws. With respect to cross-border data transfers, the Ministry offered for comment a loose, principle-based approach that would require data users to ensure that appropriate measures are taken to protect personal data at its destination. The Ministry did not offer any firm proposal on extraterritorial application of the framework, but did solicit comments from the public in that regard.

Currently, Singapore has no binding comprehensive data privacy law. Some businesses in Singapore adhere to a voluntary Model Code based on the OECD Guidelines, with certain sector-specific laws and common law principles applying to the handling of personal data. Although there is no definitive timetable for the enactment of a data privacy framework in Singapore, it is possible that a draft bill may be published in early 2012.

Submissions from the public regarding the proposed framework are due to the Ministry by October 25, 2011.