The Personal Data Protection Act, 2012 (PDPA), Singapore’s general data protection law, governs the collection, use and disclosure of personal data. The Singapore Personal Data Protection Commission (PDPC), which enforces the PDPA, recently updated the chapter on data anonymization found in its Advisory Guidelines (Guidelines). The Guidelines are not legally binding but provide guidance on how the PDPC will interpret the PDPA. The revisions encourage organizations to incorporate into the process of anonymizing data an inquiry into the risks that the data may be re-identified and any potential negative effect on the individuals involved rather than focusing purely on the various techniques to anonymize the data.
In keeping with Singapore’s recent emphasis on strengthening national cybersecurity protections, on March 9, 2017, the Ministry of Home Affairs (MHA) announced proposed amendments to the existing Computer Misuse and Cybersecurity Act (CMCA). The proposed amendment, Bill No. 15/2017, would broaden the scope of the CMCA by criminalizing certain conduct not covered by the existing law and enhancing penalties in certain situations.
On November 7, 2016, the Standing Committee of the National People’s Congress of China promulgated the Cyber Security Law of the People’s Republic of China (the “Cyber Security Law”) after three rounds of readings in June 2015, June and October 2016, respectively. The Cyber Security Law will enter into force on June 1, 2017. As early as July 1, 2015, the National Security Law of the People’s Republic of China was promulgated, expressly providing that the state shall “safeguard sovereignty and security of cyberspace in the state,” a theme that is reiterated and emphasized in Article 1 of the Cyber Security Law. The introduction of the concept of “cyber space sovereignty” in the Cyber Security Law echoes the views of President Xi Jinping, who is also the head of the Office of the Central Leading Group for Cyberspace Affairs, and who has stated in February 2014 that “[n]o cyber safety means no national security.” Critically, the Cyber Security Law may have global implications, as the Law applies to both Chinese and international businesses engaging in the construction, operation, maintenance or use of information networks in China.
On Sept. 6, the Hong Kong Monetary Authority (the HKMA) announced two initiatives targeted at raising Hong Kong’s profile as a fintech hub: the setting up of the Fintech Innovation Hub (the Hub) and the Fintech Supervisory Sandbox (the Sandbox).
The Singapore government has renewed its emphasis on cybersecurity due to the increase in incidents affecting the private and public sectors both domestically and around the world. As a result, Singapore set up its Cyber Security Agency (CSA) on April 1, 2015, to oversee strategy, education, outreach and industry development. On April 11, 2016, Dr. Yaacob Ibrahim, Minister for Communications and Information, announced that the government would develop a Cybersecurity Act (Cybersecurity Bill), which is expected to be tabled in Parliament next year.
South Korea has enacted stricter penalties for violations of data protection or privacy requirements by telecommunications and online service providers, including potentially steep damages in the wake of a data breach. The amendment (the “Amendment”) to South Korea’s Act on the Promotion of IT Network Use and Information Protection (“Network Act”) became law on March 22, 2016 and will become effective on September 23, 2016. The Network Act regulates and protects the personal information of individuals (“Information Subjects”) that are collected, used and disclosed by telecommunications and online service providers (“Service Providers.”) Overall, the Amendment provides heavier penalties for violating privacy provisions in the Network Act. The increased penalties and stricter privacy standards are consistent with recent amendments in other Korean privacy laws, such as the Personal Information Protection Act and the Utilization and Protection of Credit Information Act.
On January 1, 2016, China’s National People’s Congress Standing Committee enacted the new Anti-Terrorism Law (反恐怖主义法) that gives broad powers to the Chinese authorities to access and handle data held by telecommunications operators and internet providers (together, “Technology Companies”). This law provides a legal framework to compel Technology Companies to cooperate and assist the Chinese authorities to combat the threat of “terrorism.”
On July 1, 2015, China’s top legislature adopted a new National Security Law (中华人民共和国国家安全法), highlighting cyber security and paving the way for a coordinated crisis management system. The law aims to provide a general legislative framework to cover a wide range of areas, ranging from finance, politics, the military and cyber security to culture, ideology and religion.
The first edition of The Privacy, Data Protection and Cybersecurity Law Review appears at a time of extraordinary policy change and practical challenge for this field of law and regulation. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication.
Editor’s Preface, Alan Charles Raul
- Chapter 1, “European Union Overview,” William Long, Geraldine Scali and Alan Charles Raul
- Chapter 2, “APEC Overview,” Catherine Valerio Barrad and Alan Charles Raul
- Chapter 9, “Hong Kong,” Yuet Ming Tham and Joanne Mok
- Chapter 12, “Japan,” Takahiro Nonaka
- Chapter 16, “Singapore,” Yuet Ming Tham, Ijin Tan and Teena Zhang
- Chapter 20, “United Kingdom,” William Long and Geraldine Scali
- Chapter 21, “United States,” Alan Charles Raul, Tasha D Manoranjan and Vivek Mohan