Fintech Market Overview

This article does not constitute legal advice.

Data protection in Singapore

Fintech Software

The Personal Data Protection Act 2012 (PDPA) would apply to client data to the extent that it comprises personal data, which is defined as 'data, whether true or not, about an individual who can be identified (a) from that data, or (b) from that data and other information to which the organisation has or is likely to have access'. In brief, there are two key parts of the PDPA:

  1. protection of an individual's personal data, including in relation to requiring consent, granting access and correction rights, requiring reasonable security and limiting transfers overseas; and
  2. establishment of a do-not-call registry for individuals to opt out of receiving certain types of marketing messages addressed via Singapore telephone numbers. 1

Internet protocol solutions may still be subject to the do-not-call registry regime (e.g., WhatsApp, as it addresses messages via Singapore telephone numbers). The Personal Data Protection (Amendment) Act 2020, when it fully comes into effect, will increase the maximum financial penalty that may be imposed on an organisation to 10 per cent of its annual turnover in Singapore, or S$1 million, whichever is higher. The maximum financial penalty presently is S$1 million, and the increased maximum is not applicable until a future date, yet to be notified.1

Client data will also be protected by the common law obligations of confidentiality. A recipient of data would be subject to confidentiality restraints where data or information in question is:

  1. confidential as regards the giver of the data or information; and
  2. imparted under circumstances where the recipient knew or ought to know that the data or information in question was confidential. 1

If confidential information is disclosed without consent, there is a risk that the disclosure would be in breach of confidence.1

Singapore also has sector-specific regimes to protect the privacy and confidentiality of bank customer information and the confidentiality of information relating to trusts, including information of settlors and beneficiaries of trusts. While there are no special rules specifically focused on regulating the digital profiling of clients, it would be relevant to consider the PDPA and the various other data protection and privacy-related regimes in the implementation of a profiling solution, especially for companies providing financial services.1

Cross-border payments in Singapore

Fintech in Singapore

Fintech in other countries

Let's introduce you

Singapore Fintech Lawyers

Denis Polyakov

Denis Polyakov

Comprehensive legal services for businesses on corporate, tax law, cryptocurrency legislation, investment activities

  1. https://thelawreviews.co.uk/title/the-financial-technology-law-review/singapore
Offer for startups

Fast start for $5K

You can launch your platform by paying $5000 initially and the rest after 6 months if your business grows