Asia Pacific Data Protection

Singapore Singapore law is commercial flexible and business friendly. Prior to 2012, the law did not have over compensating legislation on data protection. During that year, the Singapore Parliament passed their Personal Data Protection Act (PDPA). The Personal Data Protection Act as two primary aspirations, 1) to enhance an individual’s control over their personal data, defined it as “information about an identified or identifiable individual” and 2) to enhance Singapore’s competitiveness and strengthen its position as a trusted business hub. The Personal Data Protection Act does not reference a fundamental right of privacy.

The PDPA only takes the high-level approach and leaves the detailed rulemaking to sector-specific efforts by the industry’s regulatory agencies. It also addresses the collection, use, and disclosure of personal information, the transfer of personal data outside of Singapore, the protection and retention of personal data, the right to access and correct personal information, and sanctions and enforcement mechanisms. It provides the authority to fine organizations. The fine amount does not exceed $1 million for rule violations. It gives the private right of action for people suffering loss or damage resulting from a violation of the PDPA.

Hong Kong Hong Kong's Legislative Council amended their own main data protection regulation called The Personal Data Ordinance. It was developed in June 2012 and remained largely unchanged since its adoption in 1997. Like the Singapore’s PDPA, the ordinance sets forth principles related to, 1) the purpose and manner of collection of personal data, 2) the accuracy and retention of personal data, 3) the use of personal data, 4) the security of personal data, 5) information that should be made generally available, and 6) access to personal data. Although the ordinance prohibits the transfer of personal data outside of Hong Kong except in specified circumstances, these cross-border transfer rules are not yet in force.

The 2012 amendment drastically increases penalties and introduces new offenses particularly focused on direct marketing and unauthorized disclosure of personal data. Malicious disclosure of personal data without consent, for example, now carries a maximum penalty of up to $1 million and imprisonment for up to five years. The amendment also enhances the authority of the Privacy Commissioner for Personal Data and introduces a new scheme whereby the commissioner may provide legal assistance to individuals.

Overview of this Topic

Data Privacy Standards

Works Cited

“International Privacy Standards.” Electronic Frontier Foundation, https://www.eff.org/issues/international-privacy-standards

“Data Protection Regulation in the Asia Pacific: Trends and Recent Developments.” Data Protection Regulation in the Asia Pacific: Trends and Recent Developments, http://www.wileyrein.com/newsroom-newsletters-item-4774.html