Personal Data Protection Act (PDPA)

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

Malaysia’s Personal Data Protection Act (PDPA) was enacted in 2010 and came into force in November 2013, making Malaysia the first country in the Association of Southeast Asian Nations (ASEAN) to enact comprehensive privacy legislation.

On July 31, 2024, the Personal Data Protection (Amendment) Bill 2024 (PDP Bill) was passed by the Dewan Negara (Malaysia’s Senate). It is expected to receive royal assent and thereafter come into force on a date to be appointed by the Minister of Digital by notification in the Gazette.

The PDP Bill introduces significant amendments to the PDPA, including specific definitions, new obligations on data controllers and stricter penalties for non-compliance. These amendments align the PDPA with internationally recognised standards, positioning Malaysia alongside its regional peers in Asia-Pacific, including Singapore, Indonesia, the Philippines, Thailand and Vietnam.

According to Malaysia’s Digital Minister, Gobind Singh Deo, these changes are driven by rapid technological advancements that necessitate society’s reliance on digital platforms for business, coupled with an expectation of protection. His comments come in response to a recent rise in complaints regarding the misuse and breach of personal data, an increase in personal data breaches, and a growing number of online fraud cases.

We outline below key changes brought about by the PDP Bill and its impact on businesses:Continue Reading Malaysia Pushes Out Groundbreaking Amendment to Personal Data Protection Act – Impact on Businesses

On 18 July 2023, Singapore’s Personal Data Protection Commission (PDPC) issued a proposed set of advisory guidelines (Guidelines), to offer clarification on how Singapore’s comprehensive data protection law, the Personal Data Protection Act (PDPA), would apply to the processing of personal data in the design, development and deployment of AI systems.

The Guidelines are intended to be advisory in nature, i.e. not legally binding, and will instead govern how the PDPC will interpret, apply and enforce the PDPA in the contexts where personal data is used in or for AI systems that embed machine learning models to make decisions, recommendations or predictions.Continue Reading Singapore Consults on Personal Data Guidelines for AI

The Monetary Authority of Singapore has launched a public consultation to gather feedback on two sets of proposed rules which it will soon impose on Singapore financial institutions (FIs), with a view to improving existing consumer safeguards, including for such FIs’ digital prospecting and marketing activities. 

What do the proposed rules seek to achieve? 

The