Singapore moots inclusion of data portability in data protection law
Singapore is looking to include a data portability component in its Personal Data Protection Act (PDPA) as part of efforts to ease data flow between service providers as well as provide consumers with “greater control” over their own data. The update to the bill will establish a framework to guide all parties involved on issues such as how businesses should give consumers sufficient information on how ported data will be used and interoperability and security standards to improve data flow.
The inclusion of a data portability component is part of the government’s review of the PDPA, introduced in 2012, according to the Personal Data Protection Commission (PDPC), which oversees the enforcement of the act. Alongside the Competition and Consumer Commission of Singapore (CCCS), the PDPC released a discussion paper on Monday outlining details about data portability and its proposed introduction.
The PDPC defined data portability as a requirement for businesses to transmit a copy of an individual’s data, held by the organisation in a “commonly used machine-readable format”, to another organisation upon the individual’s request.
Singapore’s Minister for Communications and Information S. Iswaran said: “Data is a key enabler of digital transformation, but a delicate balance must be struck between data protection and business innovation. [The] discussion paper on data portability…sets out our thoughts through the lens of personal data protection, competition, and data flows to support services and innovation in the digital economy.”
PDPC said the document offered a framework for all parties to discuss data portability and assessed how cross-sector portability could be fulfilled, including implementation challenges and limitations.
It further noted that “cross-sectoral data portability” was necessary to facilitate technological innovation that drove new business models that transcended traditional industry boundaries. This included enabling the porting of consumer data across service providers while giving businesses more access to data, it said.
Broadening the diversity and volume of data could help companies generate better insights, where these could be tapped to optimise or develop products and services better tailored to customers’ needs, the PDPC said. Data portability also could potentially lower barriers to entry for new businesses, it said.
In addition, it could give consumers more control and flexibility over the data they wanted to share. They also could move between service providers without losing past records and dealings with previous service providers.
PDPC said: “For example, an individual’s transactional data such as loan or credit repayments, and purchase histories that have been built up over the years with one service provider, can potentially be moved to a new service provider. Access to such data would enable the service provider to make an improved offer, thereby, benefitting the individual. This reduced cost of switching also creates incentives for competitive services.
“Commencing discussions of data portability is important for clarity and work in areas such as data interoperability and security standards, and as more jurisdictions begin exploring or implementing data portability.”
New pilots including a drowning detection system are in the works, as the government continues to push its smart nation goal alongside an open, API-driven framework. But it stresses the importance of security in rolling out new services and acknowledges the country needs to do better, particularly, following the SingHealth data breach.
As businesses capture more information about customers, consumers need to be more informed about such practices and industry guidelines and codes of conduct must evolve to ensure responsible data use.
Singapore government is setting up an advisory council to look at the “ethical use of artificial intelligence and data” as well as recommend codes of practice and governance.
Commercial businesses can now access citizen data, such as mailing address and passport numbers, stored in the national MyInfo database, in a move the Singapore government says is aimed at improving service efficiency.
Singapore government has been opening up user data access to ease information exchange and business transactions, but it should observe some caution as major organisations continue to slip up over security.