Singapore: Parliament passes amendments to PDPA and Spam Control Act
The Ministry of Communications and Information ('MCI') announced, on 2 November 2020, that the Parliament of Singapore had passed the proposed amendments to the Personal Data Protection Act (No. 26 of 2012) ('PDPA') and the Spam Control Act 2007. In particular, the MCI highlighted that the amendments aim to better align the PDPA with international best practices and global frameworks.
Key amendments include the following:
- The introduction of an accountability principle in order to strengthen consumer trust;
- Mandatory data breach notification provisions;
- Enhanced enforcement powers for the Personal Data Protection Commission;
- Higher maximum financial penalties of up to 10% of an organisation's annual turnover in Singapore, or SGD 1 million (approx. €626,220), whichever is higher;
- A data portability obligation enabling individuals to request that a copy of their personal data be transmitted to another organisation;
- Improved controls for commercial communications through amendments to both the PDPA and the Spam Control Act;
- Expansion of deemed consent for contractual performance; and
- A legitimate interest exception to consent.
The proposed amendments will enter into force upon their signing and publication in the Gazette.