PERSONAL DATA PROTECTION COMMISSION AND ADMINISTRATION
Personal Data Protection Commission
5.—(1) The Info‑communications Media Development Authority is designated as the Personal Data Protection Commission.
[22/2016]
(2) The Personal Data Protection Commission is responsible for the administration of this Act.
[22/2016]
Functions of Commission
6. The functions of the Commission are —
(a)
to promote awareness of data protection in Singapore;
(b)
to provide consultancy, advisory, technical, managerial or other specialist services relating to data protection;
(c)
to advise the Government on all matters relating to data protection;
(d)
to represent the Government internationally on matters relating to data protection;
(e)
to conduct research and studies and promote educational activities relating to data protection, including organising and conducting seminars, workshops and symposia relating thereto, and supporting other organisations conducting such activities;
(f)
to manage technical cooperation and exchange in the area of data protection with other organisations, including foreign data protection authorities and international or inter‑governmental organisations, on its own behalf or on behalf of the Government;
(g)
to administer and enforce this Act;
(h)
to carry out functions conferred on the Commission under any other written law; and
(i)
to engage in such other activities and perform such functions as the Minister may permit or assign to the Commission by order in the Gazette.
Advisory committees
7.—(1) The Minister may appoint one or more advisory committees to provide advice to the Commission with regard to the performance of any of its functions under this Act.
(2) The Commission may consult such advisory committees in relation to the performance of its functions and duties and the exercise of its powers under this Act but is not bound by such consultation.
Delegation
8.—(1) The Commission may appoint, by name or office, from among public officers and the employees of the Authority —
(a)
the Commissioner for Personal Data Protection; and
(b)
such number of Deputy Commissioners for Personal Data Protection, Assistant Commissioners for Personal Data Protection and inspectors, as the Commission considers necessary.
[22/2016]
(2) Where any function, duty or power of the Commission under this Act is delegated to the Commissioner under section 38 of the Info‑communications Media Development Authority Act 2016 —
(a)
the Commissioner must perform that function or duty, or exercise that power, in his or her name;
(b)
the Commission must not perform that function or duty, or exercise that power, during the period when the delegation is in force; and
(c)
the Commission must, as soon as practicable after the delegation, publish a notice of the delegation in the Gazette.
[22/2016]
(3) In exercising any of the powers of enforcement under this Act, an authorised officer must on demand produce to the person against whom he or she is acting the authority issued to him or her by the Commission.
Conduct of proceedings
9.—(1) An individual appointed under section 8(1) or an employee of the Authority, who is authorised in writing by the Chief Executive of the Authority for the purpose of this section, may conduct, with the authorisation of the Public Prosecutor, proceedings in respect of an offence under this Act.
[22/2016]
(2) A legal counsel of the Commission who is an advocate and solicitor may —
(a)
appear in any civil proceedings involving the performance of any function or duty, or the exercise of any power, of the Commission under any written law; and
(b)
make all applications and do all acts in respect of the civil proceedings on behalf of the Commission or an authorised officer.
[22/2016]
Cooperation agreements
10.—(1) For the purposes of section 59, a cooperation agreement is an agreement for the purposes of —
(a)
facilitating cooperation between the Commission and another regulatory authority in the performance of their respective functions in so far as those functions relate to data protection; and
(b)
avoiding duplication of activities by the Commission and another regulatory authority, being activities involving the enforcement of data protection laws.
[22/2016]
(2) A cooperation agreement may include provisions —
(a)
to enable the Commission and the other regulatory authority to provide to each other information in their respective possession if the information is required by the other for the purpose of performance by it of any of its functions;
(b)
to provide such other assistance to each other as will facilitate the performance by the other of any of its functions; and
(c)
to enable the Commission and the other regulatory authority to forbear to perform any of their respective functions in relation to a matter in circumstances where it is satisfied that the other is performing functions in relation to that matter.
(3) The Commission must not provide any information to a foreign data protection body pursuant to a cooperation agreement unless it requires of, and obtains from, that body an undertaking in writing by it that it will comply with terms specified in that requirement, including terms that correspond to the provisions of any written law concerning the disclosure of that information by the Commission.
(4) The Commission may give an undertaking to a foreign data protection body that it will comply with terms specified in a requirement made of the Commission by the foreign data protection body to give such an undertaking where —
(a)
those terms correspond to the provisions of any law in force in the country or territory in which the foreign data protection body is established, being provisions which concern the disclosure by the foreign data protection body of the information mentioned in paragraph (b); and
(b)
compliance with the requirement is a condition imposed by the foreign data protection body for providing information in its possession to the Commission pursuant to a cooperation agreement.
(5) In this section —
“foreign data protection body” means a body in whom there are vested functions under the law of another country or territory with respect to the enforcement or the administration of provisions of law of that country or territory concerning data protection;
“regulatory authority” includes the Commission and any foreign data protection body.
