Singapore’s Personal Data Protection Commission recently found that the Singapore Taekwondo Federation violated Singapore’s Personal Data Protection Act (PDPA) by failing to protect minors’ personal data on its website. The PDPA was enacted in 2012 to “govern the collection, use and disclosure of personal data by organisations in a manner that recognizes both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.”
Singapore recently became the latest country to join the Asia-Pacific Economic Cooperation (“APEC”) Cross-Border Privacy Rules (“CBPR”) System. Singapore is the CBPR’s sixth participant, joining the United States, Mexico, Japan, Canada, and the Republic of Korea. Singapore also became the second country to join APEC’s new Privacy Recognition for Processors (“PRP”) program, joining only the United States.
As a member of APEC’s CBPR, Singapore’s personal data protection regime has been deemed to be in alignment with the CBPR’s focus on facilitating data flows between economies and preventing accidental disclosure and misuse of personal data vis-à-vis online transactions. Remarking on this move, Singapore’s Personal Data Protection Commissioner Tan Kiat How stated, “[t]he seamless exchange of personal data will enable certified Singapore business to plug into even more regional and global business opportunities. Meanwhile, our consumers will enjoy greater peace of mind when they shop or use vital services online.”
Endorsed by APEC Leaders in 2011, the CBPR is a voluntary, accountability-based system that implements the APEC Privacy Framework (the “Framework”) by reducing barriers to information flows, enhancing consumer privacy, and promoting interoperability across regional data privacy regimes. Created in 2004, the Framework was developed to facilitate the flow of information between the 21 APEC member economies and their trading partners, by promoting a common set of data privacy principles designed to strengthen consumer privacy protections, encourage digital commerce, and facilitate trade and economic growth. Both the CBPR and the Framework apply only to personal information controllers, whereas the PRP program focuses exclusively on personal information processors. Finalized in 2016, the PRP program was designed to certify privacy compliance for personal information processors within the Asia-Pacific region by offering a Trustmark certification to processors that demonstrate their capacity to assist data controllers in complying with relevant privacy obligations. The PRP program was created in order that (1) data controllers are able to identify qualified data processors to implement data controllers’ data processing obligations, (2) data processors are able to demonstrate their ability to provide effective implementation of a controller’s privacy requirements, and (3) small and medium-sized institutions are able to gain exposure and visibility into a global data processing network. Collectively, the CBPR, Framework, and PRP make up the three legs of APEC’s current data protection construct.
APEC is one of the leading Asia-Pacific economic forums designed to “support sustainable economic growth and prosperity in the Asia-Pacific region.” The three pillars of APEC’s agenda focus on trade and investment liberalization, business facilitation, and economic and technical cooperation. APEC currently has 21 member jurisdictions, including Australia, Brunei Darussalam, Canada, Chile, the People’s Republic of China, Hong Kong, Indonesia, Japan, Republic of Korea, Malaysia, Mexico, New Zealand, Papua New Guinea, Peru, The Philippines, Russia, Singapore, Chinese Taipei, Thailand, the United States, and Vietnam.
Singapore’s Ministry of Health (MOH) recently drafted a new Healthcare Services (HCS) Bill aimed to bridge the gap between the country’s changing healthcare needs and technological advances. According to the MOH, the healthcare landscape in Singapore is undergoing significant changes, including an ageing population, increased chronic disease prevalence, and advancements in medicine and health technologies. The HCS Bill will “better safeguard the safety and well-being of patients, while enabling new and innovative services that benefit patients to be developed, in the changing healthcare environment.”
Currently, healthcare providers in Singapore are licensed and regulated under the Private Hospitals and Medical Clinics Act (PHMCA), which was designed to protect patient safety through the licensing of physical healthcare premises. But, brick and mortar locations are quickly becoming a thing of the past as more and more healthcare services are delivered through mobile and online channels. MOH intends to respond to this shift by repealing the PHMCA and replacing it with this new HCS Bill.