Photo of Charmian Aw

Charmian Aw

In May 2024 alone, Singapore’s data protection regulator, the Personal Data Protection Commission (Commission) has issued three enforcement decisions that imposed a total of SG$102,000 (approximately US$76,000) in regulatory fines for infringements of Singapore’s Personal Data Protection Act (Act).Continue Reading Singapore Ramps Up Data Protection Enforcement – Five Useful Takeaways

On 7 May 2024, Singapore’s Parliament introduced an Accounting and Corporate Regulatory Authority of Singapore (ACRA) Registry and Regulatory Enhancements Bill (Bill), which will limit public disclosures of company directors’ residential addresses on the business registry in Singapore.Continue Reading Singapore Looks to Tighten Corporate Disclosures of Directors’ Personal Data

In a Nutshell

On 17 April 2024, the Cybersecurity Agency of Singapore (Agency) issued a response to public feedback received on a draft amendment to its cybersecurity law.

This draft amendment of the Cybersecurity Bill (Bill) was published as part of a public consultation exercise from 15 December 2023 to 15 January 2024.

Our earlier post about this consultation can be accessed here.Continue Reading Singapore Progresses Towards Amended Cybersecurity Law

On 28 March 2024, Singapore’s Personal Data Protection Commission (Commission) published a set of advisory guidelines on the applicability of the Personal Data Protection Act (PDPA) on children’s personal data in the digital environment (Guidelines)[1].

What is the Ambit of the Guidelines?

The Guidelines are intended to clarify how Singapore’s comprehensive data protection legislation, the PDPA, including its provisions and obligations imposed on relevant organisations, apply to children’s personal data in the digital environment. More specifically, they apply to organisations whose online products or services are “likely to be accessed by children”.Continue Reading Singapore Issues Privacy Guidelines for Children’s Online Safety

Nearly six months after the Cyberspace Administration of China (CAC) was first introduced for public consultation, with its draft regulations proposing to ease outbound data transfers from China (Draft Regulations) (see our article at China Releases Draft Regulation to Significantly Ease Cross-border Data Transfers | Privacy World), the much-awaited final rules on Regulating and Facilitating Cross-border Data Flows were published and came into effect on March 22, 2024 (New Regulations). The New Regulations largely repeat the Draft Regulations, but now have further relaxed personal data exports from China.

Meanwhile, on the same day, the CAC also released the Guide to the Application for Security Assessment of Data Exports (Second Edition) and the Guide to the Filing of the Standard Contract for Personal Data Exports (Second Edition) (collectively, the Second Edition Guides) which make corresponding adjustments pursuant to the New Regulations.Continue Reading China Finalizes New Regulations to Relax Personal Data Exports from China

On March 1, 2024, Singapore’s Ministry of Communications and Information announced[1] that a study would be launched to introduce a new piece of legislation, the Digital Infrastructure Act (DIA), to boost the resilience and security of key digital infrastructure and services in Singapore.Continue Reading Singapore to Pass New Law to Boost Digital Resilience


On March 1, 2024, Singapore’s personal data protection commission (Commission) issued its advisory guidelines (Guidelines) on the use of personal data for AI systems that provide recommendations, predictions and decisions.

The Guidelines follow a public consultation in July and August last year, in which a number of organizations submitted comments[1] on the proposed

The Monetary Authority of Singapore (MAS) has issued an advisory[1] to financial institutions on quantum computing and the cybersecurity risks that it could pose, including potentially breaking commonly used encryption and digital signature algorithms.

Similar concerns have been raised elsewhere. Some related and ongoing developments include:

  • National Institute of Standards and Technology’s (NIST) initiation

Scott Warren (Japan/China) and Charmian Aw (Singapore) will be speaking in Singapore at the Global Legal ConfEx full day conference.  Scott will be moderating two panels, one entitled Breach Notification: A Deep Dive Into What, When and Who to Notify, and the other Strategies for Managing Risks and Ensuring Compliance with Anti-Bribery and Anti-Corruption

Whether to and how to integrate AI into business operations remains a real challenge for companies considering the adoption of the technology. We have released “Ten Things About Artificial Intelligence (AI) for GCs in 2024” providing 10 key insights as a helpful guide on the issues around AI. Our global team stands ready