Buildings large and small start with the vision of an architect who plans and designs to make it a reality. Chuen Hong Lew likens his role to that of an architect, but the skyscrapers he is blueprinting are digital, as his sights are set on Singapore’s digital future.

“Even though we are a very small country to the wider region and to the world, I think ultimately we will grow Singapore to be that digital metropolis,” said Lew, commissioner of Singapore’s Personal Data Protection Commission and Infocomm Media Development Authority CEO. “I’m literally sitting in front of my table and blueprinting what that digital future is like. It’s a fantastic and exciting opportunity if you think about the sheer potential of what digital can do.”

That vision for architecting Singapore’s digital future is a part of the IMDA’s broader role, balanced with the PDPC’s work and recognizing that such digital growth, if not managed well, presents “real risks,” he said.

“Personal data and personal data protection definitely is one of those areas where it’s really about putting in place the legal safeguards, the tools, but really, building trust in the use of data in the population, because then ultimately we can trust the use of data and have proper safeguards in place,” Lew said. “Then, I think Singapore is much better off being able to use that data to drive the economy forward.”

The balance between the regulatory and development perspectives, as well as the opportunity to be part of Singapore’s digital growth, drew Lew to this role. He is the former IMDA deputy chief executive and former Chief of the Navy, having also served in the Ministry of Trade and Industry as director in the Research and Enterprise Division. 

Chuen Hong Lew, commissioner of Singapore's Personal Data Protection Commission and Infocomm Media Development Authority CEO

“That was really what attracted me to the position, that ability to influence the digital economy and especially in Singapore where we are a very small country, but I think we are very digitally connected and there’s huge potential to grow Singapore in that digital domain,” he said.

Now just over six months into the post, Lew is settling into the role that at first felt “a little bit like drinking from a fire hydrant.” He was appointed in June 2020, as amendments to Singapore’s Personal Data Protection Act were underway and the country worked to combat the COVID-19 pandemic, designing and implementing contact-tracing initiatives, including QR-code tracking and the Bluetooth-based contact-tracing system, TraceTogether.

The efforts have been effective in stemming spread of the virus but have recently raised privacy concerns. However, Lew said the PDPC has a “reservoir of trust” with Singapore’s population that helped the initiatives’ success.

That trust also guides his work as what he calls an “innovative regulator,” balancing compliance, consumer impact and forward-thinking.

“To be an innovative regulator is not an oxymoron,” he said. “It’s the idea that you are always that thought leader. You are always trying to push to the forefront and not just from a legal perspective, but the tools that support that, the frameworks, and building public awareness because that is one of our key roles, as well, around how data can be used and used responsibly.”

Strengthening consumer trust and the use of data for innovation were key among the PDPA amendments passed by Parliament this fall. It also strives to ensure effective enforcement.

“It made a few key moves, one of which was to make data breach reporting mandatory such that consumers are aware and there is transparency in that system. It empowers individuals to take the timely measures to protect themselves if should, unfortunately, a data breach occur. I think another key move was to increase the accountability of companies by increasing the penalties should a breach occur,” Lew said. “As we shifted the PDPA from a consumer-consent-based approach to a much more balanced one where companies had to take accountability for their actions, I think increased financial penalties send a strong signal. Overall, they are more in balance, especially with the increasing use of data.”

While the PDPA grants the PDPC enhanced enforcement authority, rather than “enforcement outcomes,” Lew said he hopes it sends a signal to companies to be accountable.

“My aim is actually not to have enforcement outcomes,” he said. “Ultimately, if a breach occurs something is lost. Data has been lost, consumer trust has been dented, so the idea is it’s meant to be a very strong signal, but in parallel we are working to set guides, compendiums, to guide companies on how to enhance their capacities so they are in the best position not to get into a situation whereby there would be any data breaches.” 

Looking forward, Lew said “there’s a lot of innovative capacity to be had and a lot of new frontiers to be able to explore as that innovative regulator.”

“I think that should underpin the way we think about what we do and how we approach that digital economy and digital society,” he said.

Photo by Swapnil Bapat on Unsplash