26 April 2018
The Personal Data Protection Commission (‘PDPC’) announced, on 19 April 2018, that it had issued a fine of SGD 6,000 (approx. €3,700) to Actxa Pte. Ltd, operator of the Actxa app, for the unlawful collection and processing of personal data (‘the Decision’) in breach of Sections 13 and 18 of the Personal Data Protection Act 2012 (‘PDPA’). The Decision follows a complaint from an individual that the app had transferred personal data from the smart weighing scale to Actxa’s server without the individuals consent.
Woon-Chooi Yew, Senior Partner at Dentons Rodyk & Davidson LLP, told DataGuidance, “The Decision is significant as it is the first time the PDPC has considered a case relating to personal data collected through IoT. While not obtaining requisite consent may be a common compliance issue, the issue of what type of consent is necessary in relation to the transfer of data through Internet of Things (‘IoT’) has not been previously considered […] The Decision highlights the need to specifically notify users of the collection of personal data which may not be apparent to the user.”
This decision serves as a good reminder for companies in Singapore to carefully review their PDPA compliance measures and ensure they have fully complied
The PDPC, in calculating the fine, took into account that Axtca had accepted the complaint in good faith, cooperated fully with the investigation being forthcoming in providing information to the PDPC.
CLAUDIA STRUGNELL | Privacy Analyst