The Act

To address these concerns, Singapore passed the Personal Data Protection Act and began enforcing it on July 2, 2014.

From then onwards, any data collected by a company with a presence in Singapore is subject to regulation described by the act.

The regulations, in brief, say that when you collect data you must:

  1. Tell the user what it will be used for.
  2. Obtain consent for that use.
  3. Only use it “for purposes that would be considered appropriate to a reasonable person in the given circumstances.”

Anyone who does have business here should, of course, read the overview of the act from the Singapore government website and get advice from a trusted adviser.

Why You Should Care

But even those who aren’t in Singapore – or even in Asia (yet) – should take note.  Why is that?

Well, in opposition to the heavy legislation of most European countries and Canada, Singapore took a business-friendly approach which may well serve as a model for future data protection acts in other countries.

Also, Singapore’s legislation offers an easy-to-read guide to data handling best practices which keep you safe even in tightly-regulated countries.

And finally, becoming familiar with what Singapore did – and why – will help educate you about the challenges you may face as you become a more global marketer!

So what did Singapore do differently?

1) They limited data protection to businesses

Instead of linking data privacy with a fundamental right to privacy, as the EU does, Singapore made it clear that this act applies to businesses, not private individuals.

This means that the act will not be extended to personal matters – such as a neighbor who has a security camera which covers your property as well.

This means that marketers and web businesses can focus entirely on the matter at hand – have we asked for and been granted permission to use data? If so, then there’s no need to worry about future recourse as long as our usage is common sense.

In other, more regulated countries, you need to know other data restrictions which cannot, perhaps, be avoided by asking for consent.

2) They ensured that data can be freely imported into Singapore

Although the restrictions apply to data to be exported, all data can be imported into Singapore.  This means that the country can continue to be a data-friendly hub for operations and develop it’s ever-growing analytics industry.

And whereas other countries insist on a data compliance officer, Singapore is trying to be more business-friendly by not requiring that position.

For marketers, having free access to global data is important as our campaigns often know no bounds and can move between jurisdictions very quickly.

Proving that the data we use for our campaigns has followed all local collection laws would be extraordinarily difficult, so hopefully Singapore’s decision in this area will influence future policy in this area.

3) They included a common-sense clause to help regulators remain business friendly

The most important difference is that businesses are allowed to collect and use data “for purposes that would be considered appropriate to a reasonable person in the given circumstances”.

This allows Singapore regulators to take a common-sense approach to data privacy and balance individual rights with business interests. Firms cannot be forced, like some might argue Google was, to do things which are outside the bounds of reason.


So, when you have a few minutes, review the Singapore act and get familiar with the island nation’s business-friendly version of data privacy.

It’s quite readable and brings up the issues which are going to impact our industry to a great extent over the next few years. It’s worth a few minutes of your valuable time to know something about it.