Remarks by Minister S Iswaran at the Singapore Summit Panel

21 SEP 2019

  1. Moderator: We have a great and complex topic here. The list of issues when it comes to regulated digital economy is very long, and the challenges are many, especially when it comes to cross-border cooperation. Just to run through a few things – data mobilisation, fake news, content policy, anti-trust policy, privacy policy, cyber security – there is a number of issues. And so, to kick it off, I wanted to ask each of our panelists to identify two or three issues that you think are very important, or ways that we can think about. Minister, maybe we start with you.

  2. Minister: Thank you very much. I think first, in the digital economy context, we have to recognise the impact of global network effects. It tends towards aggregation, and there is a tendency towards – if we put it in a positive way – the values created through the network effect. Therefore, we should be looking at regulation through that lens. How do you empower this?

  3. If you look at data, for example – I have resisted using the analogy that data is the new oil, because oil is perishable, whereas data is not and data accretes in value when you are able to aggregate and organise it. Therefore, we should be working towards efforts that are able to bring data together, rather than keep them apart.

  4. When it comes to regulation, I would say there are three things that we should be thinking about. The first is whether we need regulation. I think that horse has bolted already – even the private sector says we need regulation. But what I would argue is that regulation is not just essential from the consumer interest perspective, it is also relevant for businesses – because if we are not able to create an environment which fosters trust in the digital economic transactions and activity, the space for private sector activity in the digital economy will shrink and will not be able to grow. I think it is a shared interest and a shared responsibility.

  5. The second is what you regulate. I think what you regulate – there is a spectrum. At one end, there are issues around security and personal data confidentiality. You can go further and say from an industry point of view, what ensures competition and a level playing field and so on. But there is a bunch of other things that could better be left either for the private sector to self-regulate, or somewhere in between.

  6. That leads me to my third point, how do we approach this? We are talking about the digital economy, but I think our approach to regulation of it is that it cannot be fragmented. So, it is not whether it is government or the private sector. I think what we need to recognise is there is a spectrum of roles – the government can play certain parts well, because that is the role of government and it helps to foster the trust. Then there are parts where the private sector can do it. But increasingly, I think there is a large middle ground, where we need both the public and private sector to work together to come up with creative responses, not least because I think the space is so dynamic and evolving. It is not in our interest to constrain ourselves through rigid rules, when we do not quite know how this is going to pan out.

    An example of an issue that requires both the public and private sector to collaborate in regulation

  7. Well I am sure it will come up in our discussion but data localisation is a case in point. If you talk to governments and regulators, they will talk about security and personal data confidentiality and so on. I think there is some very legitimate interest there although some disguise that to take a more protectionist approach. But there are some very legitimate interests in there. It cannot just be left to the governments to find the solution. In other words, the private sector has to step up, especially companies that are operating cross border, and many countries do so now. What sort of solutions can be put on the table for governments to consider which will address the confidentiality and security concerns while allowing the flow of data.

    On different types of global regulatory approaches

  8. I would say that what you see is the evolution of different types of government models. The US model, for want of a better word, I describe it as a laissez-faire model. I think the Chinese model with the solutions that are being described is still somewhat sui generis. Then, in between, you have the EU’s General Data Protection Regulation (GDPR) approach. I am talking about data privacy here. Then, in APAC, we have the CBPR, the Cross Border Privacy Rules. I think what we are seeing is the evolution of standards and in some ways, I think it is unproductive and unrealistic to think that we can all have the same goals across all geographies. We do not have that when it comes to many other areas whether it is food regulation or other things. What we do is to evolve our rules in the context of our working environment, but find ways to connect through common terms of trade and so on. I think that is the same thing that is needed here. The additional point I would make is where possible, governments should resist the idea of going too far down the road of regulation in this space. I think we can take a cautious, circumspect stance but not be in a hurry to draw very hard lines – maybe dotted lines – because we really do not know how this is evolving. Even the private sector – I think if you ask someone today and you ask them again in a year’s time, perceptions do change.

  9. So I think those are the two cautionary notes I will make, that there is going to be a diversity of regimes, we need to find a common thread through them so that we can continue to transact; and at the same time, we should resist the urge and temptation to regulate fast and regulate in very deterministic or religious way.

    Singapore’s example of a balanced regulatory approach

  10. I’ll just give one example – Personal Data Protection. In Singapore, we have the Personal Data Protection Act, which we have now translated into guidelines and workable rules for companies. And we are always concerned about striking the balance between, on the one hand, the consumers and their legitimate concerns around privacy and the safeguarding of data; and on the other hand, legitimate use by businesses in order to harness that data for business purposes which are legitimate and will enhance the benefits for consumers as well. So in that regard, we undertake significant consultations and we put out some consultation documents. This is a dynamic space – I think it is going to be iterative in the way we deal with this. But the point is, be it platforms or large players, we do need to find a way to have a more trusted regulatory environment, interchanged between the government and the private sector in this space especially – because the players, especially those who are successful, tend to be very large, because it is almost a “winner takes all” kind of scenario.

    Taking the lead on a more coordinated global approach with regard to data protection

  11. I think we need to try different things – we are trying not just what we are doing in Singapore but we are working through ASEAN, we are working within the APAC context and we need to also make the effort at the multilateral level and try and do region-to-region type of work. In a way it is analogous to approach it, if you like, as Free Trade Agreements – you need the multilateral effort, you need regional efforts, we also need bilateral efforts. As long as these are not working at cross-purposes but we are reinforcing each other, I think we can find the way forward. It is not going to be certain – I think it looks like there will be movements, left and right, but I think in the end, we will forge a pathway forward. That will be my approach.

    What should be done in the regulation space for large tech companies and platforms?

  12. I will put it this way – when these companies reach a certain scale, which some of the companies you have just described are, and they have become a ‘platform’ in the way which you described, then I think you need to start seriously looking at it. They are no longer just private companies providing these services – very often they take the hue of a utility that is commonly used by all. I think a useful rule of thumb is when your name becomes a verb! Then we should start looking at it seriously. I would say, that we should start thinking in terms of when they are scaling. Because it is true in so many sectors – not just in the social media space. Our approach has always been to work collaboratively, to look at the areas we need to regulate. So we have passed some recent legislation around fake news. Is there a pushback? Of course, because when you are moving from an unregulated space into some form of regulation, you must expect that there is some kind of pushback. But is it the right thing to do? We think it is, and we think that in the end, it will be proven that by doing this, we are actually creating a more productive and constructive environment in the social media space. And I think we can take a similar approach in regulation in many of the other large company-type or company-dominated spaces.