Personal Data Protection Commission (PDPC)’s Post

Another day, another development in #childrensdata and #onlinesafety. I’m sure much will be written about the Singaporean data protection authority’s new guidelines… but their immediate benefit for privacy professionals lies in Annex A. The Annex contains sample questions to help complete a privacy risk assessment (or DPIA) for activities involving children's data. 📊 I was hoping to make a pun with ‘Easter-egg’, but helas, none come to mind. If you know a good one, let me know! 🐣 #privacy #childrensdata #globalfocus

New draft rules under the Digital Personal Data Protection (DPDP) Act 2023 to be released for public consultation in August. More here: https://lnkd.in/g_qzb3PK Get the hottest news updates instantly! Follow afaqs! Channel on WhatsApp now: https://bit.ly/3z3M5mI #digital | #government | #DPDP | #dataprotection | #safety | #publicconsultation | #privacyact

On 28 March 2024, the Personal Data Protection Commission issued the Advisory Guidelines on the PDPA for Children’s Personal Data in the Digital Environment. The Guidelines clarify how the data protection provisions in the PDPA apply to children’s personal data in the digital environment. A few key points to note include: -         The Guidelines make clear that they apply to organisations whose online products or services are likely to be accessed by children. In particular, the Guidelines provided examples of such products and services, which including social media services (as defined under the Broadcasting Act), EdTech, Online Games and Smart toys and devices. -         The Guidelines require organisations to use language that is readily understandable by children when communicating with children, so that children may understand the consequences of providing and withdrawing consent. -         The Guidelines reaffirmed the [Advisory Guidelines on the PDPA for Selected Topics] and clarifies that the PDPC considers that a child between 13 and 17 may give valid consent. Where an organisation considers a higher age of consent may be more appropriate in its business context, it should obtain consent from a parent or guardian. -         The Guidelines provided examples of what would be considered reasonable purposes for organisations to collect, use or disclose a child’s personal data, including (but not limited to) (a) for age assurance to ensure that only age-appropriate content is accessible, (b) to protect the child from harmful and inappropriate content, and (c) using the behavioural data of a child, such as the use of high-risk search terms including terms relating to self-harm or suicide, to direct the child to relevant safety information. -         The Guidelines clarify that in the case of a data breach resulting in significant harm to individuals who are children, the organisation remains obliged to inform the affected data subject, even though the data subject is a child. At the same time, the Guidelines recognised that if an organisation proactively informs the child’s parent or guardian of the data breach (if the organisation has the contact details of the parent / guardian), the child’s parent or guardian would be able to take steps to mitigate the harm of the data breach. The Guidelines can be found at https://lnkd.in/gf5mERri. #tmt #technology #media #telecoms #dataprotection #law #legal #lawyer #Singapore #southeastasia #asia #asiapacific #RajahTannAsia #RTA #LawyersWhoKnowAsia

𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐈𝐃 𝐥𝐞𝐠𝐢𝐬𝐥𝐚𝐭𝐢𝐨𝐧 𝐩𝐚𝐬𝐬𝐞𝐝 𝐏𝐚𝐫𝐥𝐢𝐚𝐦𝐞𝐧𝐭 The Digital ID Bill 2024 and the Digital ID (Transitional and Consequential Provisions) Bill have passed Parliament, expected to receive Royal Consent in the next few weeks, with an estimated commencement date in November 2024. This legislative framework is intended to strengthen the existing voluntary Digital ID accreditation scheme, support the expansion and governance of the Digital ID system, and strengthen privacy and consumer protection. Within two years, Australians are expected to be able to create their Digital IDs through their preferred service providers and be able to use such IDs to verify who they are at both public and private sector entities. The 𝑨𝑪𝑪𝑪 will be appointed as the initial Digital ID regulator, with responsibilities of: ✳ accrediting Digital ID service providers, ✳ approving which services can participate in the Australian Government Digital ID System (AGDIS), and ✳ enforcing the non-privacy aspects of the legislation. The 𝑰𝒏𝒇𝒐𝒓𝒎𝒂𝒕𝒊𝒐𝒏 𝑪𝒐𝒎𝒎𝒊𝒔𝒔𝒊𝒐𝒏𝒆𝒓 will be responsible for regulating and enforcing the privacy-related aspects of the Digital ID accreditation scheme. Curious to explore the interactions between this upcoming legislative framework and the AML/CTF Act & Rules, and the Privacy Act. For more information: https://lnkd.in/g5bVgXGQ https://lnkd.in/gqyRtVqE

🧐 Had a lot of questions about this picture in my post last week. It’s from an article about how authorities decide on consent banners. About the report: 1️⃣ Details how the European Data Protection Board’s (EDPB) taskforce handles complaints about consent banners and their findings from January 2023. 2️⃣ Comparison with National DPAs: The report compares the EDPB’s recommendations with national Data Protection Authorities’ positions and actual decisions. This report is valuable for companies setting up consent banners and aims to encourage better practices. 📄 For the full report, check the link in the comments.

DPDP final draft to be ready for public review in two weeks The government has finalised the draft of the rules proposed to be enacted under the Digital Personal Data Protection (DPDP) Act 2023 and hopes to release them for public consultation in the second or third week of August, sources told ET. The rules are expected to be notified after the current session of the Parliament concludes, sources added. Read more at: https://lnkd.in/dpJYXS5t By Aashish Aryan and Surabhi Agarwal

The applicability of the DPDP Act, with respect to publicly available data, is often subject to misinterpretation. Section 3(c) of the DPDP Act, presents two cumulative ("And" not "or") conditions, for inapplicability of DPDP Act to publicly available data. It states that: a) the personal data should be used for personal/domestic use AND b) the personal data is made or caused to be made publicly available either by the person to whom such personal data relates or by any other person who is under a legal obligation to make such data publicly available. In my view, the presence of AND not OR makes it pertinent that both these conditions exist cumulatively and not in isolation, to state that the DPDP Act will not be applicable. However, I have seen some viewpoints which state that only the fulfilment of either of the two points is sufficient for inapplicability. What is your take on the same? #dpdpact #dataprotection #dataprivacy

#IPspyCyberSecAlert - Data Breaches This Week The Week in Regulation. Weekly analysis of newly proposed and final rules ... Research on the costs of data breaches notes that in addition to ...

Data Protection Rules To Be Notified By December-End, Says MoS Chandrasekhar-6 December 2023 The detailed rules of the recently enacted Digital Personal Data Protection (DPDP) Act will be notified by the end of December or early January, Rajeev Chandrasekhar, minister of state for IT, said. "The rules that go into the DPDP Act will be out for consultation later this month. It is ready and we will notify the rules by the end of this month or early next month," he said. #dataprotectionlaw #dpdpact #digitaldata

📚 The Personal Data Protection Commission (PDPC) has released new guidelines to enhance the protection of children's personal data in the digital environment. As a Data Protection Officer in the education sector, I believe that these guidelines are crucial in safeguarding our students' information. They serve as a reminder of our ongoing responsibility to regularly assess and improve our data protection practices. By implementing these guidelines, we not only comply with regulatory standards but also help create a safer digital landscape for children. Achieving this requires collaborative efforts to share best practices and innovative solutions. Together, we can make a significant impact in creating a safer digital future for our children. 💪 #dataprotection #digitalprivacy #childrenpersonaldata https://lnkd.in/gmgqp69Y