Speech by Minister Josephine Teo at the Opening of the Personal Data Protection Week

18 JUL 2023

  1. Good morning.  I am happy to join you for the launch of the Personal Data Protection Week. For the first time since this event has been organised in 2013, we are joined by our colleagues from the national data protection authorities of all ASEAN Member States. 

  2. Your presence, individually and collectively, reflects the importance of data to our region’s growing digital economy. It also says something about ASEAN’s interest in developing data policies that help people and businesses.

  3. Therefore, I would like to extend an especially warm welcome to our ASEAN colleagues, for making time to be here today.

  4.  In the past year, Artificial intelligence (AI) has come to dominate the headlines and a lot of conversations. Much of the excitement is around how human-like and clever AI has become, with the ability to answer complex questions, compose essays, write code, or even produce amazing music, images, and videos. 

  5.  Equally, there are many concerns about AI-generated content, including how it can be misused for disinformation or criminal activities like scams.

  6. Another question is whether AI-generated content contain biases or discriminate against certain groups. This could happen if the datasets used to train the AI models already contain such biases and discriminatory features.  

  7. As a result of these concerns, AI Governance is an urgent priority which some countries are already taking steps to address, including Singapore.

  8. We introduced the Model AI Governance Framework in 2019.  More recently, we set up a foundation to guide the development of AI Verify, a testing framework and software toolkit that has been open sourced, to help industries be more transparent about their AI.

  9. While we take steps to strengthen AI Governance, we should also pay attention to how AI model are being developed.

  10.  In many ways, the AI models produce results that are only as good as the training datasets used by the developers.

  11. The old saying “garbage in, garbage out” applies to AI too. This already presumes that data is accessible in the first place. And yet we all know that the two pre-conditions for high-quality AI implementation – data access and quality – are not always met.  

  12. One survey found that:

    a. 38% of organisations faced challenges collecting data from multiple internal systems. This applies to the ASEAN region; 

    b. 34% had problems with data quality. 

  13. In some cases, this may be like a piano with a few missing keys, or an orchestra that has left out some instruments or have some of the instruments not properly tuned. You will still hear music, though it will probably not sound very good. However, if the data issues are more like missing or poorly-made pillars of a building, the consequences could be more serious.

  14.  If we want to see high quality AI implementation in our digital economy, we will need to do more to help businesses in the region access and collate quality data. This is necessary if we hope to benefit from widespread AI innovations. 

  15. At the same time, we must ensure that consumers’ data are properly protected. Without proper data protection, people will not feel safe enough to fully participate in digital developments. Nor will they support the greater use of data for AI and other innovations.

  16. But how we improve protection is important. Our aim should be to do so whilst allowing innovation to take place and learning how to marry these twin objectives more effectively over time.  These considerations underpin Singapore’s approach to data regulations, which I will say more about today.    

    Clarity on use of personal data in AI helps companies innovate

  17. Quality data sets are easier to build once companies are clear on what data they can use, including personal data.  Consumers also benefit when industry has clarity on how personal data can be applied to AI in a safe and trusted manner. 

  18. I had announced in March that our Personal Data Protection Commission, the PDPC, would be launching Advisory Guidelines on the use of Personal Data in AI Recommendation and Decision Systems. This is part of our wider effort to lay the groundwork for a trusted ecosystem for AI development and deployment. 

  19. The PDPC has received useful feedback from a wide range of stakeholders during closed consultations, and I am pleased to share that the Advisory Guidelines will now progress to the stage of open consultation, before being published

  20. The Advisory Guidelines will provide businesses with more clarity on the use of personal data to train or develop AI models. To promote transparency, there will be guidance on explanations that should be provided before seeking consent from consumers who are providing personal data for use in an AI system to make recommendations, decisions, or predictions.

  21. The Guidelines also encourage AI solution providers to support their clients in their compliance with the PDPA. This can include designing systems such that it is easy to extract information clients need for providing their explanations. 

  22. This Advisory Guideline applies to traditional AI systems used for recommendations and decision-making.

  23. The PDPC recognises the new concerns arising from the use of personal data in generative AI. For instance, the use of publicly available personal data to train large models, to produce synthetic media or ‘Deep Fakes’. The PDPC is looking into these issues and considering whether further guidance should be provided under the PDPA. 

    Harness technology to build up a trusted data ecosystem that supports AI innovation

  24. Another way for governments to help companies build up their datasets is through the use of privacy enhancing technologies, or PETs. 

  25. PETs allow businesses to extract value from consumer datasets, while ensuring that personal data is protected. Through facilitating data sharing, they can also help businesses develop useful data insights and AI systems. 

  26. For instance, using PETs, banks can pool data and build innovative AI models for better fraud detection, while protecting their customers’ identity and financial information.

  27. IMDA actively encourages industry to adopt PETs. At PDP Week last year, I announced the launch of IMDA’s PET Sandbox pilot. Through this pilot, participating businesses could access a panel of PET solution providers and a comprehensive suite of support, including grants to develop PET solutions and regulatory guidance. 

  28. This Sandbox has generated much interest. A range of use cases have been developed in partnership with industry across diverse sectors such as finance, e-commerce, media, and technology. 

  29. One example is Zuellig Pharma, a major pharmaceuticals distribution firm with regional headquarters in Singapore. Joining the PET Sandbox helped Zuellig Pharma understand how to use PETs in collaboration with regional data partners. Access to their partners’ data have helped them derive more precise analytics around the movement of pharmaceutical products in Asia, while complying with their regulatory obligations.

  30. The success of IMDA’s PET sandbox has opened new ways for us to work with local and international partners.

  31. I am glad to announce that IMDA and Google are jointly launching the “PET x Privacy Sandbox” today. This is Google’s first partnership in Asia Pacific with a regulator to support industry in testing and adopting PETs. 

  32.  The PET x Privacy Sandbox will benefit both companies and consumers.

  33. Many companies in Singapore and the region will gain a safe space to pilot projects using PETs on a platform they already operate on. With the deprecation of third-party cookies, businesses can no longer rely on these to track consumers’ behaviour through the browser and will need PETs as an alternative.

  34. Consumers will experience being served more relevant content without fearing that their personal data is compromised. 

  35. This is, in fact, not the first collaboration that IMDA has with tech companies in the PET sandbox. We already have many companies, large and small, participating in IMDA’s PET sandbox. IMDA is actively pursuing more of such collaborations. Through experimentation and testing, we strive to build a robust tech ecosystem.
    Facilitate cross border data flows to boost ASEAN’s ability to gain from the benefits of AI   

  36. Another way to improve data access is through facilitating data sharing across borders. This enriches the pool of data companies can draw on and is generally welcome by businesses.

  37. However, there must be clarity on the regulations that determine when and how such cross-border data transfers are acceptable. There are certainly datasets which no country will be comfortable falling into foreign hands, and which must be properly secured. This should however not prevent the movement of non-sensitive data that supports business innovations.

  38. Singapore believes that clear and transparent guidelines on permissible cross-border data flows work better than a blunt application of data localisation rules across the board. On this, we commend our neighbours such as Indonesia and Thailand for enacting progressive legislation to enable data transfers across borders. We can give these efforts a further boost at the regional level.

  39. ASEAN recognises cross-border data flows as a strategic priority, and we have been working towards alignment through the development of robust and practical data transfer mechanisms.

  40. We have made good progress in some key areas. For example, we introduced the ASEAN Framework on Digital Data Governance in 2016, which established developing regional data transfer mechanisms as a strategic priority. One such data transfer mechanism is the ASEAN Model Contractual Clauses (MCCs), which provide a “ready-to-use” template to help businesses develop contracts in compliance with regional regulatory requirements for transferring data. 

  41. As a region, we have also worked to facilitate cross-border data flows between ASEAN and EU to enhance companies’ access to data. 

  42. The Joint Guide to the ASEAN MCCs and EU Standard Contractual Clauses (SCCs) identifies commonalities between the two sets of templates. This helps foster a common understanding and facilitates contractual negotiations on data transfers between ASEAN and EU business partners.

  43.  Singapore will continue to work with our ASEAN and EU partners on the next stage of this project. We hope to steward this to fruition during our upcoming ASEAN Digital Ministers Meeting (ADGMIN) Chairmanship next year.  

    Conclusion

  44. To conclude, I thank everyone here for your interest and support for the safe and responsible use of data in developing the digital economy. 

  45. The rise of AI underscores the value and importance of data. As regulators, we have a duty to ensure their proper protection and ethical use. Equally, we have an interest to ensure AI models are built with quality data. 

  46. We can and should adopt a holistic approach to maximise the value of data as an enabler for the AI ecosystem. This will require an international and multi-stakeholder cooperation.

  47. The areas I touched on today – guidelines for the use of personal data in AI systems, PETs, and facilitating cross-border data flows – are ways Singapore hopes to contribute to this evolving field and very important conversation.

  48.  In the next few days, we look forward to exchanging ideas on these initiatives and more, so that we can together take this important work forward. 

  49. I wish you insightful and fruitful discussions ahead.

  50. Thank you.

PDF version of the speech