Personal Data Protection Act 2012 - Singapore Statutes Online

SECOND SCHEDULE

Sections 2(1) and 17(1)

Additional bases for collection, use and
disclosure of personal data without consent

Part 1

COLLECTION OF PERSONAL DATA

1. The collection of personal data about an individual, if —

(a)	the personal data was disclosed by a public agency; and
(b)	the collection of the personal data by the organisation is consistent with the purpose of the disclosure by the public agency.

Part 2

USE OF PERSONAL DATA

Division 1 — Public interest

1. The use of personal data about an individual, if —

(a)	the personal data was disclosed by a public agency; and
(b)	the use of the personal data by the organisation is consistent with the purpose of the disclosure by the public agency.

Division 2 — Business improvement purpose

1.—(1) Subject to the conditions in sub‑paragraph (2), personal data about an individual (P) is used by the organisation for any of the following purposes:

(a)	improving or enhancing any goods or services provided, or developing new goods or services to be provided, by the organisation;
(b)	improving or enhancing the methods or processes, or developing new methods or processes, for the operations of the organisation;
(c)	learning about and understanding the behaviour and preferences of P or another individual in relation to the goods or services provided by the organisation;
(d)	identifying any goods or services provided by the organisation that may be suitable for P or another individual, or personalising or customising any such goods or services for P or another individual.

(2) Sub‑paragraph (1) applies only if —

(a)	the purpose for which the organisation uses personal data about P cannot reasonably be achieved without the use of the personal data in an individually identifiable form; and
(b)	a reasonable person would consider the use of personal data about P for that purpose to be appropriate in the circumstances.

(3) To avoid doubt, sub‑paragraph (1) does not apply to the use of personal data about P for the purpose of sending to P or another individual a message for an applicable purpose within the meaning given by section 37(6).

(4) In this paragraph, “organisation” excludes a corporation within the meaning given by section 4(1) of the Companies Act 1967.

Division 3 — Research

1. The use of personal data about an individual for a research purpose (including historical or statistical research), if —

(a)	the research purpose cannot reasonably be accomplished unless the personal data is used in an individually identifiable form;
(b)	there is a clear public benefit to using the personal data for the research purpose;
(c)	the results of the research will not be used to make any decision that affects the individual; and
(d)	in the event that the results of the research are published, the organisation publishes the results in a form that does not identify the individual.

Part 3

DISCLOSURE OF PERSONAL DATA WITHOUT CONSENT

Division 1 — Public interest

1. The disclosure of personal data about an individual to a public agency, where the disclosure is necessary in the public interest.

2. The disclosure of personal data about an individual who is a current or former student of an educational institution to a public agency for the purposes of policy formulation or review.

3. The disclosure of personal data about an individual who is a current or former patient of any of the following to a public agency for the purposes of policy formulation or review:

(a)	a healthcare institution licensed under the Private Hospitals and Medical Clinics Act 1980;
(b)	a licensee under the Healthcare Services Act 2020;
(c)	a prescribed healthcare body.

4. The disclosure of personal data about any individual to any officer of a prescribed law enforcement agency, upon production of written authorisation signed by the head or director of that prescribed law enforcement agency or a person of a similar rank, certifying that the personal data is necessary for the purposes of the functions or duties of the officer.

Division 2 — Research

1. The disclosure of personal data about an individual for a research purpose (including historical or statistical research), if —

(a)	the research purpose cannot reasonably be accomplished unless the personal data is disclosed in an individually identifiable form;
(b)	it is impracticable for the organisation to seek the individual’s consent for the disclosure;
(c)	there is a clear public benefit to disclosing the personal data for the research purpose;
(d)	the results of the research will not be used to make a decision that affects the individual; and
(e)	in the event that the results of the research are published, the organisation publishes the results in a form that does not identify the individual. [40/2020]

Search within Legislation