The Infocomm Media Development Authority and the Economic Development Board will pilot a Call for Application to construct three new data centres, after lifting a moratorium on new data centre projects in place since 2019. In line with Singapore’s climate change commitments, permits will only be granted for proposed data centres that meet a stringent set of energy efficiency criteria.

On 4 February 2022, the Dubai International Financial Centre Office of the Commissioner of Data Protection announced that the commissioner issued an adequacy decision recognising, among others, Singapore’s Personal Data Protection Act for safe data transfers from the DIFC. This is a welcome development as it facilitates cross-border personal data transfers from the DIFC to Singapore, which can in turn strengthen business ties between the two territories.

On 10 January 2022, the Singapore Ministry of Communications and Information responded to a parliamentary question on measures that ensure companies in Singapore engage third- and fourth-party IT vendors that are licensed and certified by the MCI. The Singapore government has put in place trustmark certifications to help companies better identify IT vendors with strong data and cyber security practices to minimise the risk of data breaches and leaks. Further cybersecurity trustmarks are under development by the Cyber Security Agency of Singapore.

On 10 January 2022, the Singapore Ministry of Communications and Information responded to a parliamentary question relating to the number of cases of unauthorised sales of consumers’ personal data that have been investigated over the last five years, and how many of those cases were successfully prosecuted by the Personal Data Protection Commission.

On 17 December 2021, the Accounting and Corporate Regulatory Authority launched its public consultation on its proposed legislative amendments to the Companies Act, Accountants Act, ACRA Act, Business Names Registration Act, Limited Liability Partnerships Act, Limited Partnerships Act and Variable Capital Companies Act 2018, relating to data, digitalisation, and corporate transparency within Singapore’s business environment. The proposed changes, if enacted, would reduce the amount of data that must be filed with ACRA and limit the personal data that is made available publicly.

On 25 November 2021, the United Nations announced that all 193 member states of the United Nations Educational, Scientific and Cultural Organization, including Singapore, adopted a first-of-its-kind global agreement on the ethics of artificial intelligence. The agreement focuses on the broader ethical implications of AI systems in relation to education, science, culture, communication and information; and articulates common values and principles to assist in the creation of legal infrastructure for the healthy development of AI.

On 9 December 2021, Singapore and the UK substantially concluded negotiations on the UK-Singapore Digital Economy Agreement (UKSDEA). The UKSDEA covers key areas of the digital economy, such as data, artificial intelligence, fintech, digital identities and legal technology.

On 8 November 2021, the Smart Nation and Digital Government Office (SNDGO) announced the launch of two national artificial intelligence (AI) programmes for the government and financial sectors.

The ASEAN Model Contractual Clauses are contractual terms and conditions that may be voluntarily adopted by companies as a legal basis for the cross-border transfer of data. The ASEAN MCCs are primarily designed for transfers of personal data between ASEAN nations, but can also be adapted with appropriate modifications for data transfers between businesses within Singapore or transfers to countries outside the Association of Southeast Asian Nations.

With effect from 1 September 2019, organizations are generally not allowed to collect, use or disclose National Registration Identity Card numbers and copies of NRIC and other national identification numbers, except in certain specified circumstances. Notwithstanding clear guidance documents issued by the Personal Data Protection Commission, it appears that some organizations continue to collect, use or disclose such national identification numbers in breach of the Personal Data Protection Act.