Data protection officers (DPOs) should protect, as well as innovate in their organisations — at least that’s the view of the Singaporean government.
Under the country’s Personal Data Protection Act (PDPA), organisations are required to appoint at least one individual as their data protection officer to ensure their compliance with the PDPA.
The IMDA: two years on — “trust and innovation are two sides of the same coin”
The role of the data protection officer
Tan Kiat How, the chief executive at the IMDA — Infocomm Media and Development Authority — explained to Information Age the department’s view of what it means to be a data protection officer.
“They shouldn’t be just a gatekeeper of what can and can’t be done,” he said. “Data protection officers should;
• Be a resource that helps provide solutions;
• Have a good grounding in data protection practices; and
• Build trust and acquire skills in data innovation to provide guidance to make better use of data.”
Instead of being a roadblock, DPOs should contribute to innovation discussions within an organisation.
“DPOs will define what monetisation looks like in terms of the data generated from the Internet of Things” — How
Data protection by design
The data protection, as Singapore understands, should help develop tools and instil a culture of data protection by design. “They should put into practice good principles of secure design of IT systems — adopt and convert data protection principles into their organisation,” said How.
Accountability-as-a-Concept — someone has to take responsibility
The approach to data
What is the message from Singapore about accessing data? What is the its approach?
The country has gone some way to answer this with the release of Asia’s first model AI governance framework — which provides guidance to private sector organisations to address key ethical and governance issues when deploying AI solutions.
The two high-level guiding principles underpinning this model framework are to help organisations ensure that:
1) Decisions made by or with the assistance of AI are explainable, transparent and fair to
consumers; and
2) Their AI solutions are human-centric.
This in turn should enhance trust in and understanding of AI, as well as acceptance of how AI-related decisions are made for the benefit of users.
Prime Minister Lee Hsien Loong looking to the digital future: “We’ve plucked all the low-hanging fruit”
The AI model framework is accountability in practice and provides pointers on use of data. “It is a practical and constructive approach, it’s not prescriptive but descriptive: what can be done without compromising security, privacy and innovation,” asked How?
The data protection officer is the individual who brings this in and adapts to the organisation.
“Our responsibility is to understand tech trends and how they will impact policies, laws and business models,” continued How.
“We have to be open in our thinking and update regulation.
“AI places stress on the fundamental concept of transactional consent. But, maybe consent alone won’t be sufficient moving forward, hence our focus on accountability: in some situations if you place responsibility on the shoulders of organisations and whether their use of data is used correctly, it creates legitimate interest.”
Achieving a connected, digital future in the Asia-Pacific region