Photo of Charmian Aw

Charmian Aw

Compliance with data protection laws is an issue of increasing complexity for most organizations these days. New laws and regulations are cropping up with increasing frequency, making companies’ compliance challenges more complicated all the time. As a result, many companies are seeking ways to simplify their compliance strategy while demonstrating compliance to individuals, clients, customers

On October 13, 2023, Singapore and the United States (US) announced at the inaugural Dialogue on Critical and Emerging Technologies (CET Dialogue) held in Washington DC, that they had launched the world’s first ever interoperable AI Governance framework.

The CET Dialogue was co-chaired by Singapore’s Minister for Communications and Information and Minister for Foreign Affairs, as well as the US National Security Advisor and Deputy Envoy for Critical and Emerging Technology, on behalf of US Secretary of State Antony Blinken. Both countries also co-chaired a Business Roundtable on AI Safety and Innovation, together with US Deputy Secretary of Commerce Don Graves.Continue Reading Singapore and the US Publish First-of-its-Kind Interoperable AI Governance Framework

On 11 August 2023, after close to a decade since its initial conception, India’s Digital Personal Data Protection Act (Act) received presidential assent, formalising the nation’s first ever comprehensive data protection law.


There are several key definitions and references adopted in the Act, as follows:

  • “Data fiduciary” means
  • On 18 July 2023, Singapore’s Personal Data Protection Commission (PDPC) issued a proposed set of advisory guidelines (Guidelines), to offer clarification on how Singapore’s comprehensive data protection law, the Personal Data Protection Act (PDPA), would apply to the processing of personal data in the design, development and deployment of AI systems.

    The Guidelines are intended to be advisory in nature, i.e. not legally binding, and will instead govern how the PDPC will interpret, apply and enforce the PDPA in the contexts where personal data is used in or for AI systems that embed machine learning models to make decisions, recommendations or predictions.Continue Reading Singapore Consults on Personal Data Guidelines for AI

    Our global data team has prepared a practical guide that compares three standard contracts, as a means of facilitating international data transfers, namely:

    • The EU’s standard contractual clauses (effective since June 2021)
    • The People’s Republic of China’s (PRC) standard contract (issued in March 2023)
    • The Association of Southeast Asian Nations’ (ASEAN) model contractual clauses (published in January 2021).

    Continue Reading A Guide Comparing EU, China, ASEAN Standard Contracts for Data Transfers

    On June 26, 2023, the Monetary Authority of Singapore (MAS) released an open-source toolkit to enable the responsible use of Artificial Intelligence (AI) in the financial industry.  

    The Veritas Toolkit version 2.0[1], developed by a consortium of 31 industry players[2] and led by MAS, is the first responsible AI toolkit developed specifically for the financial industry. It assists financial institutions (FIs) in carrying out assessment methodologies to meet the Fairness, Ethics, Accountability and Transparency (FEAT)[3] principles required to demonstrate responsible use of AI and data analytics.Continue Reading Singapore releases responsible AI toolkit for finance sector

    On June 7, 2023, New Zealand’s Office of the Privacy Commissioner (OPC) issued a statement [1] encouraging all businesses to adopt two-factor authentication (2FA) to protect information that they hold. In her remarks, Deputy Commissioner Liz MacPherson highlighted that this should be the case regardless of the size of the organisation. She referenced the OPC’s latest small businesses insights report, and opined that:

    “When a cyber… breach occurs, the question [that will be asked] … is ‘have you taken reasonable cybersecurity steps to protect the personal data you hold?’ Not to have taken reasonable steps is a breach of the Privacy Act… What is reasonable depends on the size of the organisation and the scale and sensitivity of the personal information they hold.
    Continue Reading New Zealand Urges All Businesses To Adopt 2FA

    On June 7, 2023, Singapore’s Minister for Communications and Information announced that AI Verify,[1] the world’s first-ever artificial intelligence (AI) governance testing framework and toolkit, will be made available to the open-source community.

    AI Verify was launched as a minimum viable product for international pilot in 2022. It is aimed at helping organizations validate

    On 31 May 2023, the Monetary Authority of Singapore (MAS) and Google Cloud signed a memorandum of understanding[1] to collaborate on generative artificial intelligence (AI) solutions that are rooted in responsible AI practices.

    The goal of this tie-up is to promote the use of responsible generative AI applications within MAS, which is Singapore’s central