SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Singapore seeks inclusion of data portability in Personal Data Protection Act
Wed, 27th Feb 2019

Singapore is looking to implement a data portability requirement as part of the ongoing review of the Personal Data Protection Act 2012 (PDPA).

The country has issued a discussion paper that describes in detail how data portability can help to shape Singapore as a smart nation and its digital economy – including business innovation, market competition, and consumers.

“Data is a key enabler of digital transformation, but a delicate balance must be struck between data protection and business innovation,” says Minister for Communications and Information, S Iswaran.

“Singapore is issuing a discussion paper on data portability, which sets out our thoughts through the lens of personal data protection, competition and data flows to support services and innovation in the digital economy. We hope more can join us in this international discourse and work together to build a trusted global environment for business innovation.”

According to the discussion paper, data portability is defined as follows: “Data portability enables individuals to request for a copy of their data held by an organisation in a structured, commonly used, and machine-readable format, and for the organisation to transmit the data to another organisation.”

While it does encompass data protection by giving consumers more control over their data, there are a number of other benefits – it can also create more competition and help to boost innovation and customer experience.

In terms of innovation, Singapore businesses would be able to leverage more diverse and larger datasets. This new influx of data could help businesses to develop competitive advantage through better insights, optimising or developing products and services better tailored to customers' needs.

Data portability could also open up the market and lower barriers to entry for new businesses, the report says.

“New or existing organisations without an established customer base may be able to acquire data at a lower cost. The impact of these lowered barriers to entry or expansion would be particularly important in circumstances where data is an important (or even essential) input and organisations cannot acquire such data at any cost,” the report says.

Several countries including Australia, New Zealand, India, Japan, the Philippines, the European Union and the United States have either implemented or are considering the right to data portability.

In Australia, for example, the Consumer Data Right (CDR) may be incorporated into the Treasury Laws Amendment (Consumer Data Right) Bill 2019. CDR will be applied to open banking through a phased implementation approach starting from July 2019.

Data portability will have numerous benefits for consumers through better control and flexibility over the data they want to share with businesses.

“By allowing consumers to move their data more easily from one service provider to another, or simply to copy their data for use in different services, consumers are empowered to try new services or choose competing service offerings that best suit their needs.” It would also prevent loss of history built up with previous providers.

“For example, an individual's transactional data such as loan or credit repayments, and purchase histories which have been built up over the years with one service provider, can potentially be moved to a new service provider. Access to such data would enable the service provider to make an improved offer thereby benefiting the individual. This reduced cost of switching also creates incentives for competitive services.”

But the implementation of data portability does produce a range of issues that need to be addressed. They include:

  • Providing consumers with information about how their data will be used by the data recipient and other relevant information to enable effective exercise of the right to data portability
  • Setting out information on track record, reputation and data management and protection practices of data recipients, and potentially accrediting data recipients to provide consumer assurance
  • Articulating the standards for the protection of the data during transmission, as well as the systems involved in the porting of data
  • Establishing the scope of data portability beyond classical definitions of personal data, to data that have been provided by the consumer
  • Laying out the benefits of cross-sector portability beyond the traditional benefits of ensuring competition within an established market
  • Dealing with the need for clear minimum technical standards to ensure interoperability and reduce friction between data originator and data recipient
