Data Privacy

Personal Data Protection Act

In Singapore, the Singapore Personal Data Protection Act (PDPA) of 2012 was enacted by its government, creating a general data protection law that regulates how organizations may collect, use, and disclose personal information pertaining to their clients. The goal of PDPA is to make it a part of an organization’s company structure to safeguard the individual’s information. This article shall provide you with the most important features of this Act, such as giving one’s consent, withdrawing consent, the request of access to one’s own personal data from the organization, and the request of correction of one’s own personal data.


What is privacy?

The right to privacy is defined as “the freedom from unjustified interference and the right to conceal certain matters from the public view.” It is a modern practice that individuals are compelled to protect their privacy and give out personal information to acquire services and make new acquaintances. For instance, many individuals have developed a practice of disseminating a lot of information to many individuals through online correspondence.

Data automation poses a grave danger to privacy rights in the digital realm. In today’s era of digitalization, when information can be recorded, saved, and shared with ease, the privacy of personal data is a crucial area of concern. It is thus not surprising that it frequently appears in newspaper articles, being a subject of legislation worldwide.


What does the PDPA Act entail?

Deemed Consent

Before collecting, processing, or disclosing an individual’s personal data, Organizations are required to inform you of the reason(s) for their request and secure your consent. If a person knowingly gives an organization their personal information for a specific purpose, they may be giving them permission to collect, use, or disclose their personal information as well. This is known as “deemed consent”.

A Withdrawal of Consent

You have the right to request that an organization shall stop collecting, utilizing, or divulging your personal information. Prior to actually processing your application for withdrawal, the organization should notify you of the potential outcomes of your revocation. However, your personal information may be kept by the organization for as long as necessary to meet its business or legal obligations. In other words, it is not compelled to erase or otherwise destroy it.

A Request for Access

You have also the right to ask to see any personal information that a company may have on you. For instance, you could therefore look up exactly what and how your personal information was used or might have been released in the previous year. Keep in mind that organizations have also the right to charge an administrative fee for each access request or to deny it if they deem it to be unwarranted. This includes exposing someone else’s personal information, endangering somebody’s personal security or well-being, or being inimical to national interests.

A Request for Correction

You may ask that the organization rectify a mistake or inadvertent in your personal data. Except if the organization has a justifiable reason not to produce the correction, it should correct the data and send it to organizations that received it in the previous year, or, if you agree, only to specific organizations to whom the personal data was divulged.


Cases concerning PDPA

  1. Reed, Michael v Bellingham, Alex (Attorney-General, intervener) [2022] SGCA 60

This appeal raised, among other issues, the interesting question of the scope of the phrase “loss or damage” in s 32(1) of the Personal Data Protection Act 2012 (Act 26 of 2012) (“PDPA”). Section 32(1) confers a right of private action on any person who suffers loss or damage directly as a result of the contravention of any provision in Part IV, V or VI of the PDPA. It is the appellant’s case that his emotional distress and the loss of control of his personal data fall within the meaning of “loss or damage”, and that he is therefore entitled to claim injunctive relief under s 32. In this case, the appellant suffered “emotional distress” as a “loss or damage”, thus conferring the right of private action on the appellant.1



You should be equipped with sufficient knowledge to safeguard yourself from any significant privacy violations. Learning to safeguard your data can protect you from harm, both online and in real life.

Glossary and Key Terms

Privacy: The freedom from unjustified interference and the right to conceal certain matters from the public view.

Consent: Permission for something to happen or agreement to do something.


Frequently Asked Questions

Q: Why is data privacy important?

A: Data privacy is important because it protects individuals from a variety of harms, such as identity theft, discrimination, and financial loss. It also helps to ensure that individuals have control over their own personal information and that it is not used without their consent.

Q: What are some of the ways that data privacy can be violated?

A: Data privacy can be violated in a number of ways, including:

  1. Data breaches: Data breaches occur when unauthorized individuals gain access to personal data. This can happen through hacking, malware, or other security vulnerabilities.
  2. Data sharing: Data can be shared with third parties without the individual’s consent. This can happen when individuals sign up for services, use apps, or make purchases online.
  3. Data tracking: Data can be tracked by companies and organizations without the individual’s knowledge or consent. This can happen through the use of cookies, tracking pixels, and other tracking technologies.

Q: What can individuals do to protect their data privacy?

A: There are a number of things that individuals can do to protect their data privacy, including:

  1. Be careful about what information you share online. Only share information that you are comfortable with being shared publicly.
  2. Use strong passwords and two-factor authentication. This will help to protect your accounts from unauthorized access.
  3. Be aware of the privacy settings on your devices and online accounts. Make sure that you understand how your data is being collected and used.
  4. Be careful about what apps you download and what websites you visit. Only download apps from trusted sources and only visit websites that you trust.
  5. Be aware of the data tracking practices of companies and organizations. You can use tools like Privacy Badger and Ghostery to block tracking technologies.




Call Now Button
× How can I help you?