Episode 77 - Data Localization - The Case of Singapore

The Data Privacy Detectives turns his data localization spotlight on the island nation of Singapore. With a per capita income of 64% higher than the United Kingdom’s and a free-market economy that depends on global trade and commerce, Singapore takes a very different approach from China, Russia, India, and other countries that strive to localize their residents’ personal information. Singapore’s Personal Data Protection Act (2012) provides a comprehensive set of rules protecting the personal information of its residents. Like GDPR in scope, it differs in its flexible approach to balancing privacy and national security protections. In 2020 Singapore’s Monetary Authority and the U.S. Treasury issued a joint statement opposing data localization requirements, calling them a risk to cybersecurity and economic growth. They called instead for data mobility in financial services as a spur to innovative services and economic growth and as a more effective approach to risk management and cross-border compliance. Singapore's broad privacy protection rules allow flexibility for businesses to comply, a model that U.S. regulators may wish to study as alternatives to data fencing or rigid regulation. In February 2021 Singapore’s Privacy Data Protection Commission published a guide of model clauses for processors to follow, regardless of where they are based and not requiring that a Singapore server be the data custodian. The island’s embrace of regional multinational compacts (Asia Pacific Cooperation Cross-Border Privacy Rules and Asia Pacific Economic Cooperation Privacy Recognition for Processors) offers a regional model different from China’s data nationalism. If you have ideas for more interviews or stories, please email [email protected].