Friday, November 4, 2011

Singapore issues consultation on a proposed consumer data protection framework



http://ow.ly/7iVuh

This article is from the law firm DLA Piper appearing on the website information.dla.com, and lists Matt Gylnn as the contact.

The article discusses a proposed new law in Singapore regarding data protection.  The article states, "On 13 September 2011, the Ministry of Information, Communications and the Arts (MICA) issued a consultation paper on Singapore's long-awaited data protection law (Proposal), which requested public feedback on the same. The new data protection law (DP Law), as proposed, will provide a minimal baseline standard for the collection, use and disclosure of personal data by organisations in the private sector."

The article discusses several topics addressed by the proposed new law including:
  • Consent Requirements 
  • Accountability Requirements
  • No Data Controller / Data Processor Distinction 
  • Disclosure Requirements
  • "Principle-based" Transfer Obligations
  • Right to Access and Correction 
  • Opt-out Registry for Unsolicited Marketing 
  • New Data Protection Regulator 
  • Heavy Fines 
  • Criminal Liability
The article provides specifics about each of the points referenced above.  Of interesting note the article states:

"Coverage and Overseas Application
The proposed law will apply to all organisations in the private sector in Singapore. For organisations outside of Singapore but which collects or processes data within the country, MICA is seeking views on whether the DP Law should cover those overseas organisations as well. This could mean that if a foreign company engages in data collection online and collects personal data from a person in Singapore, it is possible that it might be required to comply with the new law.

Consent Requirements
The proposed law will require organisations to obtain consent from individuals for the collection, use or disclosure of their personal data. This consent may be explicit or implied, depending on the circumstances. Further, individuals will be entitled to withdraw their consent at any time upon giving reasonable notice.

A number of exceptions to the consent requirement will be available under the proposed law, such as medical emergencies and data sharing during corporate mergers or acquisitions. Further, if an organisation outsources the collection or processing of personal data to a third party, subject to certain requirements, it will not be necessary for it to obtain separate consent for the inter-organisational data sharing."

No comments:

Post a Comment