Singapore's Personal Data Protection Act went into effect on July 2. It's a local law, but it matters to digital marketers globally.

Information wants to be free, but most people prefer a few safeguards on personal data.  

Sure we may be happy for our LinkedIn profile to be seen by a prospective employer, but we'd hardly like them to have our medical history.

Right now in many countries however, there is little if any restriction on how our personal data is collected, traded and used. 

The Act

To address these concerns, Singapore passed the Personal Data Protection Act and began enforcing it on July 2, 2014.  

From then onwards, any data collected by a company with a presence in Singapore is subject to regulation described by the act.

The regulations, in brief, say that when you collect data you must: 

  1. Tell the user what it will be used for.
  2. Obtain consent for that use.
  3. Only use it "for purposes that would be considered appropriate to a reasonable person in the given circumstances."

Anyone who does have business here should, of course, read the overview of the act from the Singapore government website and get advice from a trusted adviser.

Why You Should Care

But even those who aren't in Singapore - or even in Asia (yet) - should take note.  Why is that?

Well, in opposition to the heavy legislation of most European countries and Canada, Singapore took a business-friendly approach which may well serve as a model for future data protection acts in other countries.

Also, Singapore’s legislation offers an easy-to-read guide to data handling best practices which keep you safe even in tightly-regulated countries.

And finally, becoming familiar with what Singapore did - and why - will help educate you about the challenges you may face as you become a more global marketer!

So what did Singapore do differently?

1) They limited data protection to businesses

Instead of linking data privacy with a fundamental right to privacy, as the EU does, Singapore made it clear that this act applies to businesses, not private individuals.

This means that the act will not be extended to personal matters - such as a neighbor who has a security camera which covers your property as well.

This means that marketers and web businesses can focus entirely on the matter at hand - have we asked for and been granted permission to use data? If so, then there's no need to worry about future recourse as long as our usage is common sense.  

In other, more regulated countries, you need to know other data restrictions which cannot, perhaps, be avoided by asking for consent.

2) They ensured that data can be freely imported into Singapore

Although the restrictions apply to data to be exported, all data can be imported into Singapore.  This means that the country can continue to be a data-friendly hub for operations and develop it's ever-growing analytics industry.  

And whereas other countries insist on a data compliance officer, Singapore is trying to be more business-friendly by not requiring that position.

For marketers, having free access to global data is important as our campaigns often know no bounds and can move between jurisdictions very quickly.  

Proving that the data we use for our campaigns has followed all local collection laws would be extraordinarily difficult, so hopefully Singapore's decision in this area will influence future policy in this area.

3) They included a common-sense clause to help regulators remain business friendly

The most important difference is that businesses are allowed to collect and use data "for purposes that would be considered appropriate to a reasonable person in the given circumstances".

This allows Singapore regulators to take a common-sense approach to data privacy and balance individual rights with business interests. Firms cannot be forced, like some might argue Google was, to do things which are outside the bounds of reason.


So, when you have a few minutes, review the Singapore act and get familiar with the island nation’s business-friendly version of data privacy.  

It's quite readable and brings up the issues which are going to impact our industry to a great extent over the next few years. It’s worth a few minutes of your valuable time to know something about it.

Jeff Rajeck

Published 7 July, 2014 by Jeff Rajeck

Jeff Rajeck is the APAC Research Analyst for Econsultancy . You can follow him on Twitter or connect via LinkedIn.  

235 more posts from this author

You might be interested in

Comments (9)

Save or Cancel


Singapore is great when it comes to common sense ... but I still have my hands full dealing with the bureaucratic mess that is the new Canadian anti-spam legislation ... stuff of nightmares for internet marketers!

about 4 years ago

Jeff Rajeck

Jeff Rajeck, Research Analyst at EconsultancySmall Business

I hear ya Vicki. I think we've had our golden age of being able to do what we want, when we want. It's only going to get more difficult - especially if we work across borders...

about 4 years ago

Pete Austin

Pete Austin, Founder and Author at Fresh Relevance

Working link to "read the overview of the act" (the original has a typo - an extra %20 at the end):

about 4 years ago

Pete Austin

Pete Austin, Founder and Author at Fresh Relevance

This is the important bit for most businesses, I think (IANAL):

Deemed consent
—(1) An individual is deemed to consent to the collection, use or disclosure of personal data about the individual by an organisation for a purpose if —
the individual, without actually giving consent referred to in section 14, voluntarily provides the personal data to the organisation for that purpose; and
it is reasonable that the individual would voluntarily provide the data.
(2) If an individual gives, or is deemed to have given, consent to the disclosure of personal data about the individual by one organisation to another organisation for a particular purpose, the individual is deemed to consent to the collection, use or disclosure of the personal data for that particular purpose by that other organisation.;ident=c01e6a11-6298-4c60-8ce4-17a213699a9c;page=0;query=DocId%3A%22ea8b8b45-51b8-48cf-83bf-81d01478e50b%22%20Status%3Ainforce%20Depth%3A0;rec=0#pr13-he-.

PS: @Singapore Government - love the website design. Wish UKG would learn from it.

about 4 years ago

Graham Charlton

Graham Charlton, Editor in Chief at SaleCycle

Thanks Pete - link fixed now.

about 4 years ago

Jeff Rajeck

Jeff Rajeck, Research Analyst at EconsultancySmall Business

Though I'm not a lawyer either, I agree that is a key bit.

What we're experiencing here in Singapore is that everything you sign up for now asks for consent to share your information - along with some assurance that it will be shared in a responsible way.

about 4 years ago


Aurelie Pols

I'm afraid it still feels very much like European law.

You know: Purpose and Consent, why you are collecting the data in the first place and get consent from the users for that specific purpose.

It's also one law for all sectors so unlike the US based legislation with their patchwork of legislation (HIPPA, COPPA, VPPA, ...), this is one law to rule them all. That feels like an echo of the upcoming EU Personal Data Protection Regulation...

So this to me feels a lot closer to European legislation than US based thinking around Privacy, certainly if you take into consideration Article 25 regarding retention of personal data according to which controllers must erased data when they are no longer necessary for purpose.
I just call that Data Hygiene, certainly in the light of increased data breaches. Why hold on to something that could damage your business?

The article is also very enthusiastic about business friendly guidelines. Here's one per sector by the Spanish data protection agency: Ok, the design is not that slick but let's be honest, some data protection agencies are ramping up their game as well.

Another note I took from this article is the enthusiasm with which it's author talks about the fact that the legislation only covers business practices, providing the example of neighborhood cameras.
Let's turn the argument around: if my neighbor starts collecting data about me, stalking me, I apparently have no right to Privacy and am not allowed to question his purpose?

Last but not least: Singapore welcomes data imports. Hurray!
So does Europe... it's the export that's an issue, to assure the Privacy rights of European citizens, to assure that where ever you store the data, these rights are still assured, certainly in the Cloud and under National Security legislation.

So welcome Singapore. We'll probably pretty soon read you're part of the list of approved countries for data export:

about 4 years ago

Jeff Rajeck

Jeff Rajeck, Research Analyst at EconsultancySmall Business

I don't have the expertise to address comparisons with Europe, though your arguments seem well-founded.

And yes, I agree that this move shows that Singapore wants to get on the approved data list but I think at the same time they want to avoid frivolous lawsuits about personal security cameras. Many people here have cameras on their homes and cars and leaving that open to interpretation could have caused issues.

And though I'm no expert, I suspect stalking would be considered a criminal offence and not a privacy issue.

about 4 years ago


Pradeep Kumar

I think right to information should be the basic right of every citizen of a country. Things are moving liberally, but for digital world it is a matter of concern.

about 4 years ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.