Dear privacy pros,

I hope that you had a fruitful Data Privacy Day Jan. 28 and were able to partake in some of the festivities.

I attended the Asia-Pacific Region event hosted by the Council of Europe and was glad to hear privacy commissioners from Singapore, the Philippines, Australia and New Zealand speak about initiatives that portend greater interoperability between the EU GDPR framework and regional privacy laws, and potentially more harmonization between frameworks within the region.

One of these initiatives, as alluded to in the last introduction from my colleague Jason, is the endorsement of the ASEAN Data Management Framework and the Model Contractual Clauses for Cross Border Data Flows by the first ASEAN Digital Ministers’ Meeting Jan. 22.

Besides the additional guidance issued by Singapore's Personal Data Protection Commission to companies who wish to incorporate MCCs into their business contracts, the PDPC also recently updated the Guide on Data Protection Clauses for Agreements Relating to the Processing of Personal Data, which may be relevant to agreements between an organization and a data intermediary processing personal information on its behalf.

For more perspective on the proactive leadership position that the PDPC is taking in the international privacy arena, I highly recommend reading this interview with Commissioner Lew Chuen Hong, as he talks about the PDPC’s role in architecting Singapore’s digital future.

In other news from Singapore and an update from my last introduction, the government passed a new law that limits the use of contact-tracing data to seven categories of serious offenses, such as murder or terrorism. In a rare move, the Bill was introduced in Parliament with a Certificate of Urgency, which allowed all three readings to happen in one sitting, rather than in separate sessions.

While there appears to be lingering doubts and misgivings among members of the public, with some continuing to call for a boycott of the TraceTogether system and others asking for their information to be erased, I think this restriction certainly strikes the right balance between the need to protect personal data and public interest, albeit belatedly. The Singapore government should also be applauded for the honesty displayed in admitting that mistakes were made during the initial rollout, as well as the seriousness and urgency with which it has tackled the subsequent fallout. Finally, credit should be given to the main opposition party for taking a non-partisan stance in supporting the Bill and calling for the continued use of the TraceTogether system.

It is my earnest hope that 2021 will augur greater awareness of privacy issues and growing maturity in handling them, not only within the public and private sector in Singapore but also among the citizenry. Perhaps this might be a good place to start.

To everyone celebrating the upcoming Lunar New Year, I hope that you can have a wonderful time with your families and loved ones, notwithstanding the ongoing restrictions.

Stay happy, stay united and stay safe.