On 31 May 2021, the Personal Data Protection Commission received a complaint that RedMart Limited was collecting images of the physical National Registration Identity Card and other identification documents of suppliers making deliveries to its warehouses.

The Environmental Public Health Amendment Bill, introduced in Parliament on 9 January 2023, has proposed revisions to the cleaning business license regulatory framework in a bid to drive capabilities and raise public health standards of cleaning businesses. The existing framework, which was introduced in September 2014, only provides for one type of cleaning business license. However, the revised framework, which is intended to come into force from 1 January 2024, will provide for three different classes of cleaning business licenses.

The Electric Vehicles Charging Act 2022 that seeks to regulate the provision of safe and reliable charging of Electric Vehicles and the expansion of the EV charging infrastructure in Singapore was passed by Parliament in January 2023. The Act is expected to take effect in the second half of 2023. Notably, the Act sets out a licensing regime for EV charging operators and also prescribes certification requirements that all EV chargers would have to meet before the chargers can be installed and used in Singapore.

As part of its efforts to offer enterprise users and their vendors better guidance on deploying Internet of Things technologies, the Info-communications Media Development Authority has published Annex C: Case Study on Smart Buildings (informative) to the IoT Cyber Security Guide. Annex C provides a starting point for businesses in the Facilities Management industry with smart systems to reevaluate their cybersecurity needs and infrastructure.

The Online Safety (Miscellaneous Amendments) Bill was read a second time in Parliament and was passed into law on 9 November 2022. While the Ministry of Communications and Information has not released the commencement date of the new laws, they, together with the Code of Practice for Online Safety, are likely to kick in as early as 2023.

The Ministry of Communications and Information tabled the Online Safety (Miscellaneous Amendments) Bill for its first reading in Parliament on 3 October 2022, setting out proposed regulations of providers of online communication services with significant reach or impact accessible by any Singapore end-user, as well as measures to prevent access to egregious content. The aim of the Bill is to enhance online user safety, particularly for children, and to curb the spread of harmful content on OCS. Designated providers of such OCS will have to comply with Codes of Practice issued by the Info-communications Media Development Authority to enhance online safety for Singapore end-users and curb the spread of harmful content on their service.

As part of the multi-pronged effort by the Infocomm Media Development Authority and other stakeholders to combat scams and safeguard SMS messaging as a communications channel, the IMDA will implement two measures following a public consultation: (i) mandatory registration with the Singapore SMS Sender ID Registry: Registration with the SSIR will be mandatory for all organizations that use SMS Sender IDs, and (ii) telecommunications operators to implement SMS anti-scam filtering solutions: Anti-scam filtering solutions will be implemented by telecommunications operators within their mobile networks to automatically filter potential scam messages before they reach consumers.

As part of an ongoing approach to combat scams, the Infocomm Media Development Authority (IMDA) has proposed new measures to reduce the ability of scammers to spoof their identity by using the same alphanumeric sender identification (“SMS Sender ID”) used by bona fide businesses. To further enhance consumer protection, the IMDA intends to make Singapore SMS Sender ID Registry (SSIR) registration mandatory for organisations who wish to use SMS Sender IDs.
Organisations using SMS Sender IDs must register with the SSIR using their Unique Entity Number (UEN) and aggregators handling SMS with Sender IDs must also participate in the SSIR and verify organisations via their UENs.

The Singapore Court of Appeal, in its recent decision of Reed, Michael v Bellingham, Alex (Attorney-General, intervener) [2022] SGCA 60, provides clarity on two provisions under the Personal Data Protection Act (PDPA). The first is section 4(1)(b), which states that the PDPA does not impose any obligation on any employee acting in the course of their employment with an organization. The second is the then section 32 (now section 48O), which allows individuals who suffer loss or damage as a result of an organization’s contravention of the PDPA, the right to commence private action against the organization.

In July 2022, the Singapore Personal Data Protection Commission published a guide to help organisations comply with the Personal Data Protection Act when deploying blockchain applications that process personal data. As such, this Guide provides a broad set of principles and considerations for organisations to design their blockchain applications to be PDPA-compliant, thus ensuring more accountable management of customers’ personal data.