Navigating Governance Frameworks  for Generative AI Systems in the Asia-Pacific - MAY 2024

FUTURE OF PRIVACY FORUM | Navigating Governance Frameworks for Generative AI Systems in the Asia-Pacific | MAY 2024 21 Jurisdiction Summary of Relevant Provisions Singapore The PDPA authorizes organizations to process a data subject’s personal data without consent if the processing satisfies the requirements for any of the exceptions to consent in the First and Second Schedules to the PDPA (Sectio. [...] The PDPA authorizes organizations to collect a data subject’s personal data if the organization obtains consent or if the collection satisfies the requirements for any of the exceptions to consent in the First and Second Schedules to the PDPA (Sections 13 and 17). [...] To rely on this provision, an organization must take reasonable steps to bring to the individual’s attention: » the organization’s intention to process the data subject’s personal data; » the purpose for which the organization will process the data; and » a reasonable period and procedure for the data subject to object to the proposed processing. [...] To rely on this provision, the organization must establish that: » the purpose for processing cannot reasonably be achieved without the use of the personal data in an individually identifiable form; and » a reasonable person would consider the use of the personal data for that purpose to be appropriate in the circumstances. [...] Singapore Section 23 of the PDPA requires organizations to make reasonable efforts to ensure that the personal data that they collect is accurate and complete if the organization is likely to use the data to make decisions that affect the data subject or disclose the personal data to another organization.