As an overarching theme, the COS speech envisioned a future where Singapore is not only economically vibrant but also socially stable and cyber secure. It was against this backdrop that the various measures and changes were announced, which span an array of topics ranging from improving technological literacy to revamping Singapore's digital ecosystem.

More than a penny for your data

One major change announced is an increase in the regulatory fine imposed for breaches of Singapore's baseline data protection legislation, the Personal Data Protection Act 2012 (No. 26 of 2012) ('PDPA'). Presently, this financial penalty is capped at SGD 1 million (approx. €681,228). Following the amendment, which will take effect from 1 October 2022, the cap in penalty that may be levied on an organisation that contravenes the PDPA will be raised to 10% of local annual turnover if that turnover exceeds SGD 10 million (approx. €6,812,126). For organisations whose turnover is still below SGD 10 million, the existing SGD 1 million (approx. €681,228) cap will continue to apply.

By giving the PDPA greater bite, coupled with refined disclosure obligations particularly if certain exceptions to consent are sought to be relied on for the processing of personal data, there will be increased recognition of the importance of data and its protection as a whole, as well as an enhancement of individuals' rights over their data. In connection with these, the amendment further signals a more robust and active enforcement stance by Singapore's regulatory body when it comes to holding businesses accountable for lapses in data protection, including any misuse of data.

Review of the cybersecurity act

On the topic of cyber threats, the COS also proposed a review of the Cybersecurity Act 2018 (No. 9 of 2018) ('the Cybersecurity Act'), with the intention of updating it to take into account recent developments in an ever-evolving and complex cyber threat landscape. The Cybersecurity Act, which has been in force since March 2018, was originally enacted with the chief aim of establishing a legal framework for Singapore to oversee and maintain its national cybersecurity, including across numerous key sectors. Presently, a review of the legislation is being carried out to enable Singapore and various stakeholders to better prevent, manage, and respond to cybersecurity threats and incidents. The review of the law is poised to be completed by 2023, following consultations with industry and the public. This review is especially timely given the frequency of cyber attacks in the wake of the COVID-19 pandemic, which is likely to increase as the trend of digitalisation continues to gain traction.

Alternative dispute resolution and mediation

The COS speech cast renewed focus on mediation as an alternative means of dispute resolution, by introducing an Alternative Dispute Resolution ('ADR') Scheme which is to be administered by the Singapore Mediation Centre. The primary objective behind this scheme is to provide consumers and small businesses with an avenue to resolve their disputes with their telecommunication and media service providers in a quick and cost-efficient manner. The scheme, which covers only certain claims up to a dispute value of SGD $10,000 (approx. €6,810), operates as a two-stage process, with parties undergoing mediation in the first instance, and failing that, a determination. Disputes covered by this scheme would include disputes regarding mobile services (e.g., voice, data, SMS, VAS, and PRS), fibre connection services, and subscription TV services. In contrast, services that are less common or unlicensed by the Infocomm Media Development Authority ('IMDA') (such as billing on behalf services such as app store purchases or over-the-top media streaming services) are excluded from the scheme.

There are two features particularly unique to this scheme. Firstly, in a departure from the traditionally voluntary nature of mediation, service providers must, as a mandatory requirement, participate in such mediation processes if the matter does proceed under the scheme. Secondly, and specifically on the issue of costs, the scheme recognises the differences in the positions of the consumer (or a small business) and the service provider. Thus, the service provider will generally be the one bearing the bulk of the costs of such dispute resolution. It is hoped that these features will translate not only to cost savings but a swifter resolution of disputes for both consumers and businesses alike, as compared to a fully drawn-out dispute before the courts. In fact, it is projected that a typical resolution of a dispute under the ADR scheme will take only two and a half months. 

The future is digital

Following the COS Speech, the slate of proposed measures is set to take effect in 2022, while the review of the Cybersecurity Act is poised to be completed by the end of 2023. With just months to go before the PDPA amendments go fully into effect, firms should take the time to review their data practices and policies so as to avoid falling afoul of the PDPA regime.

Understandably, from the perspective of a business, the newly announced measures may be viewed as a mixed bag. While the improvements to Singapore's technological literary and digital infrastructure are definitely worth celebrating, it is possible that some may lament the increased regulatory oversight, heightened standards of compliance, and the accompanying stricter enforcement and financial sanctions for any non-compliance with applicable regulatory requirements. However, that is only half the story. It is beyond doubt that businesses have benefitted tremendously from greater access to data, the fuel of today's digital economy, and hence the forthcoming changes should really be seen as a real opportunity for firms to further improve or reinvent their consumer engagement, ultimately resulting in a richer, more accurate and holistic understanding of their customers and the markets in which they operate.

Charmian Aw Counsel
[email protected]
Reed Smith LLP, Singapore

Adrian Aw Director
[email protected]
Leon Goh Practice Trainee
[email protected]
Resource Law LLC, Singapore